JavaScript 可以访问自动填充的密码吗? [英] Can JavaScript access autofilled passwords?

查看:28
本文介绍了JavaScript 可以访问自动填充的密码吗?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

JavaScript 能否访问自动填充的密码,这是否存在安全风险?我知道存储的密码通常与域严格关联,但有时 Chrome 会建议来自另一个网站的用户名和密码,如果它当前没有为该域存储密码.

Can JavaScript access autofilled passwords, and is this considered a security risk? I know that stored passwords generally are strictly associated with a domain, but sometimes Chrome suggests the username and password from another website if it has no currently stored passwords for this domain.

(我猜这可能因浏览器而异)

(This may vary by browser, I guess)

推荐答案

Chrome 在两种情况下自动填充详细信息:

Chrome autofills details under two circumstances:

  1. 当明确要求记住特定站点的凭据时
  2. 当它看到字段时,它认为可以自动填充并且用户接受建议的值(这些值不会是密码)
  1. When explicitly told to remember credentials for a specific site
  2. When it sees fields it thinks it can autofill and the user accepts the suggested values (and these values won't be passwords)

虽然这些字段可以被 JavaScript 读取,但如果没有用户的明确指示,它们将不会被填充.

While the fields can be read by JavaScript, they won't be populated without an explicit instruction from the user.

这确实增加了风险级别,因为用户可能会不小心误确认数据,级别被认为是低的.

This does increase the level of risk, because a user might accidentally confirm the data by mistake, the level is considered low.

这篇关于JavaScript 可以访问自动填充的密码吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆