Re: Protection against showing hidden passwords with javascript



In article
<459fcaba-fabb-4ac4-83e3-114b2016d598@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
matthewslaney@xxxxxxxxx wrote:

Hi,

I recently learned of the "exploit" where you can run a javascript
command to view saved passwords that are hidden. This code:

javascript:(function(){var s,F,j,f,i; s = ""; F = document.forms;
for(j=0; j<F.length; ++j) { f = F[j]; for (i=0; i<f.length; ++i) { if
(f[i].type.toLowerCase() == "password") s += f[i].value + "\n"; } } if
(s) alert("Passwords in forms on this page:\n\n" + s); else
alert("There are no passwords in forms on this page.");})();

I was wondering if there was any way to protect against this?

Please refrain from stating the obvious, "don't save your passwords".
There are a couple of sites I use frequently and don't care about
security too much, but don't want my passwords to disappear.

I'm not sure what the threat is. Obviously a script on a web page has
access to all the form data you've entered into it, including passwords.

--
Barry Margolin, barmar@xxxxxxxxxxxx
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
.