Don't autofill passwords in sandboxed contexts (b8f34863) · Commits · Librem5 / debs / Epiphany · GitLab

Snippets Groups Projects

Due to an influx of spam, we have had to impose restrictions on new accounts. Please see this page for instructions on how to get full permissions. Sorry for the inconvenience.

source.puri.sm migrated to a new server, see new ssh key fingerprint.

Commit b8f34863 authored 2 years ago by Michael Catanzaro

Don't autofill passwords in sandboxed contexts

If using the sandbox CSP or iframe tag, the web content is supposed to
be not trusted by the main resource origin. Therefore, we'd better
disable the password manager entirely so the untrusted web content
cannot exfiltrate passwords.

https://github.com/google/security-research/security/advisories/GHSA-mhhf-w9xw-pp9x

Part-of: <https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1275>

parent d40816b7

No related branches found

No related tags found

No related merge requests found

Hide whitespace changes

Inline Side-by-side

Showing with 26 additions and 0 deletions

Please register or to comment