@Hacker0x01 Why `autocomplete=off` on your password input? Having the browser remember & autofill passwords seems safer than anything else.
@avlidienbrunn You could abuse this if there’s XSS on the login page, but then you can log keystrokes anyway, autofill or not. @Hacker0x01
-
-
@mathias@Hacker0x01 The XSS can be anywhere on the domain. Still one-click owned, and that's pretty shitty tbh: http://jsfiddle.net/avwUm/6/show/ -
@avlidienbrunn My point is: XSS is a separate issue that is dangerous, with or without autofill. +@Hacker0x01 - 5 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
JavaScript, HTML, CSS, HTTP, performance, security, Bash, Unicode, i18n, macOS.