Protection against showing hidden passwords with javascript
- From: matthewslaney@xxxxxxxxx
- Date: Sat, 1 Mar 2008 22:33:23 -0800 (PST)
Hi,
I recently learned of the "exploit" where you can run a javascript
command to view saved passwords that are hidden. This code:
javascript:(function(){var s,F,j,f,i; s = ""; F = document.forms;
for(j=0; j<F.length; ++j) { f = F[j]; for (i=0; i<f.length; ++i) { if
(f[i].type.toLowerCase() == "password") s += f[i].value + "\n"; } } if
(s) alert("Passwords in forms on this page:\n\n" + s); else
alert("There are no passwords in forms on this page.");})();
I was wondering if there was any way to protect against this?
Please refrain from stating the obvious, "don't save your passwords".
There are a couple of sites I use frequently and don't care about
security too much, but don't want my passwords to disappear.
Thanks,
Matthew
.
- Follow-Ups:
- Re: Protection against showing hidden passwords with javascript
- From: Todd H.
- Re: Protection against showing hidden passwords with javascript
- From: Barry Margolin
- Re: Protection against showing hidden passwords with javascript
- From: Sebastian G.
- Re: Protection against showing hidden passwords with javascript
- From: Gerald Vogt
- Re: Protection against showing hidden passwords with javascript
- From: Bit Twister
- Re: Protection against showing hidden passwords with javascript
- Prev by Date: Re: Brute Force Attack Password Discovery With Defined Character Set
- Next by Date: Re: Protection against showing hidden passwords with javascript
- Previous by thread: Brute Force Attack Password Discovery With Defined Character Set
- Next by thread: Re: Protection against showing hidden passwords with javascript
- Index(es):
Relevant Pages
|
|
