Skip to content
Snippets Groups Projects
Select Git revision
  • pureos/crimson protected
  • pristine-tar
  • pureos/byzantium default protected
  • 40-bz
  • pureos/amber-phone protected
  • archive/pureos/sloppy
  • archive/librem5-3-38-0
  • archive/librem5-3-32-1-2
  • archive/librem5-3-34-1
  • archive/librem5-3-34-0
  • archive/librem5-3-33-91
  • pureos/v43.1-1pureos1 protected
  • pureos/v40.2-1pureos2 protected
  • pureos/v40.2-1pureos1 protected
  • upstream/40.2
  • pureos/v3.38.3-1pureos1 protected
  • upstream/3.38.3
  • pureos/v3.38.2-1pureos2 protected
  • pureos/v3.38.2-1pureos1 protected
  • upstream/3.38.2
  • pureos/v3.38.1-1pureos3 protected
  • pureos/v3.38.1-1pureos2 protected
  • pureos/v3.38.1-1pureos1 protected
  • pureos/3.38.0+17582+git53d8176c1-1pureos0 protected
  • upstream/3.38.1
  • pureos/3.38.0+17563+git7408900be-1pureos0 protected
  • pureos/3.32.1.2+1+gite04d60d-1pureos0 protected
27 results
Compare
user avatar
Don't autofill passwords in sandboxed contexts
Michael Catanzaro authored 
If using the sandbox CSP or iframe tag, the web content is supposed to
be not trusted by the main resource origin. Therefore, we'd better
disable the password manager entirely so the untrusted web content
cannot exfiltrate passwords.

https://github.com/google/security-research/security/advisories/GHSA-mhhf-w9xw-pp9x

Part-of: <https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1275>
b8f34863
History
user avatar b8f34863
History
Name Last commit Last update