@mathias An epic debate! Knee-jerk reaction that dates back to when browsers handled autocomplete much more poorly. We'll likely re-enable.
@avlidienbrunn My point is: XSS is a separate issue that is dangerous, with or without autofill. +@Hacker0x01
-
-
@mathias It's more dangerous if the attacker can get plaintext credentials. It's about mitigation, just like CSP and whatnot. +@Hacker0x01 -
@avlidienbrunn I meant: you can still get plaintext credentials with autofill disabled using your trick.@Hacker0x01 - 3 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
JavaScript, HTML, CSS, HTTP, performance, security, Bash, Unicode, i18n, macOS.