Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
Kimmax109877y1. this is not an issue with Firefox, it has to do with a js framework used.
2. Not an security issue, since you need to have access to the tab to view the source. Generally speaking if you have control over what it's run on, it's hackable.
3. It doesn't make it worse if you think about compromised extensions, since they can inject javascript into the page anyway if allowed too. If they can, it's a dead simple one-liner to retrieve the password. Don't simply trust all extensions kids. -
balte22917yconsole.log($('.password').value)
I don't see why this is so specifically insecure.
did you know your password gets send to the server in plaintext as well? -
Kimmax109877y@balte except it's HTTPS, okayy if you want to be that specific it's still plain text on a encrypted transport layer, but you get what I mean
Related Rants
So I was logging into google today and my password is very long so I often make mistakes while typing it so I went to inspect element to change input type to text so that I can check the password and I see that Firefox is storing my password already as plain text. Wtf Firefox???
rant
securityhazard
firefox