b2cloud

23rd August 2011

Autofill, not so secure

Tutorial By 5 years ago

Autofill makes it easy to access regularly visited sites that require a password. When you go back you see your username and password conveniently filled in for you, and because the password is stared out nobody can get this, right? Wrong. If somebody opens up the autofilled page they can very easily use Javascript to reveal the contents of the password field to them.

I wont use any real websites to demonstrate how this works, so I will use a html page I have created.

Open this page then type anything into the password field. Go ahead and type this into the address bar and push return

javascript:alert(document.getElementById('password').value);

javascript:for(var i=0;i<document.getElementsByTagName('input').length;i++){if(document.getElementsByTagName('input')[i].type=="password"){alert(document.getElementsByTagName('input')[i].value);}}

Don’t use autofill for things you can’t afford to lose.

  • Can be done automatically like this:

    javascript:for(var i=0;i

  • Tom
Recommended Posts

iOS performSelector with multiple parameters

Post by 5 years ago

On iOS the built in convenience method performSelector method call only allows for up to 2 parameters. - (void) aMethod { [self performSelector:@selector(doSomethingWithObject:otherObject:) withObject:@(1) withObject:@(2)]; } - (void) doSomethingWithObject:(id) object otherObject:(id) otherObject { // Code

Got an idea?

We help entrepreneurs, organizations and established brands from around
the country bring ideas to life. We would love to hear from you!