- From: Aryeh Gregor <Simetrical+w3c@gmail.com>
- Date: Mon, 11 Jul 2011 14:31:57 -0400
On Mon, Jul 11, 2011 at 9:29 AM, Sean Connelly <sean at pbwhere.com> wrote: > As a web developer, if I wanted access to the password, I would then avoid > using the <input type="password"> field, and create my own field that reads > characters (perhaps via onkeyup), and fakes a password field visually. Then browsers wouldn't autofill it, which would defeat the nastiest attack here (stealing passwords without user intervention). But as noted, you can always submit the form, so it really doesn't help that much anyway.
Received on Monday, 11 July 2011 11:31:57 UTC