WingNews logo WingNews
top | item 46973945

(no title)

sebzim4500 | 18 days ago

It's hard to see how you would implement that, any script run within the context of the page needs access to these fields for backwards compatibility reasons, so the context script of the extension would just need to find a way of running code in the context of the page to exfiltrate the data. It could do this by adding script tags, etc.

discuss

order

throwaway0665|18 days ago

Browsers break backwards compatibility for security all the time. Most recently Chrome made accessing devices on a local network require a permission. They completely changed the behavior of cookies. They break loads of things for cross origin isolation.

sebzim4500|18 days ago

Sure, but this would break a significant portion of sign in UIs.