The browserpass security principles happen to protect against this. https://github.com/dannyvankooten/browserpass#security …
Maybe @taviso can check if they are respected?https://twitter.com/TedOnPrivacy/status/946432489471598594 …
-
-
Replying to @FiloSottile
I like the idea, but why is allFrames true? That doesn't seem correct - shares top window creds with isolated ad iframes, no? https://github.com/dannyvankooten/browserpass/blob/master/chrome/background.js#L23 …
1 reply 0 retweets 3 likes
Replying to @taviso @FiloSottile
I think it also seems a bit racy, I can see they've thought about the problem with lastFocusedWindow, but I'm not sure that's guaranteed to be atomic, would have to test. I think they might need to use a content_script receiver instead of executeScript() https://github.com/dannyvankooten/browserpass/blob/master/chrome/background.js#L64 …
11:52 AM - 28 Dec 2017
0 replies
0 retweets
3 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.