Re: [csswg-drafts] [selectors-4] [backgrounds-3] Prevent CSS keylogging from Nadya678 via GitHub on 2018-03-10 (public-css-archive@w3.org from March 2018)

From: Nadya678 via GitHub <sysbot+gh@w3.org>
Date: Sat, 10 Mar 2018 16:19:58 +0000
To: public-css-archive@w3.org
Message-ID: <issue_comment.created-372042054-1520698798-sysbot+gh@w3.org>

You never should send passwords from servers. Embedded ads scripts (and additions to browsers)  can read value without background manipulation. If the form is bad filled by user, the password should be reentered. Never send back. Also access to password via JS (ECMAScript should be blocked.  

The passwords sent from SEERVER TO BROWSER should be blocked by browser to prevent CSS and JS manipulation. The safety of password should have first priority. 

-- 
GitHub Notification of comment by Nadya678
Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/2426#issuecomment-372042054 using your GitHub account

Received on Saturday, 10 March 2018 16:20:07 UTC