JavaScript可以访问自动填充的密码吗? [英] Can JavaScript access autofilled passwords?

问题描述

JavaScript可以访问自动填充的密码吗?这是否存在安全风险?我知道存储的密码通常严格与某个域相关联，但是有时Chrome浏览器会建议另一个网站的用户名和密码(如果该网站目前没有该域的存储密码).

Can JavaScript access autofilled passwords, and is this considered a security risk? I know that stored passwords generally are strictly associated with a domain, but sometimes Chrome suggests the username and password from another website if it has no currently stored passwords for this domain.

(我想这可能会因浏览器而异)

(This may vary by browser, I guess)

推荐答案

Chrome在两种情况下会自动填充详细信息:

Chrome autofills details under two circumstances:

1. 明确告知要记住特定网站的凭据
2. 看到字段时，它认为它可以自动填充，并且用户接受建议的值(并且这些值将不是密码)

1. When explicitly told to remember credentials for a specific site
2. When it sees fields it thinks it can autofill and the user accepts the suggested values (and these values won't be passwords)

尽管这些字段可以被JavaScript读取，但没有用户的明确指示，就不会填充这些字段.

While the fields can be read by JavaScript, they won't be populated without an explicit instruction from the user.

这的确增加了风险级别，因为用户可能会错误地意外确认数据，因此该级别被认为是低的.

This does increase the level of risk, because a user might accidentally confirm the data by mistake, the level is considered low.

这篇关于JavaScript可以访问自动填充的密码吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！