-
_From @mnoorenberghe on August 4, 2015 20:15_
The LocallyStoredCredential aspect of the spec duplicates functionality provided by requestAutocomplete with autocomplete="(username/new-password/current…
-
_From @adrianhopebailie on April 17, 2015 11:50_
The spec defines custom matching algorithms for the different sub-classes of `Credential`. If this could be restructured into a single-generic algorit…
-
Although section[ Credential Selection](https://w3c.github.io/webappsec-credential-management/#user-mediated-selection) uses passive language for the most part to describe the UI a user agent should s…
-
## Request for Mozilla Position on an Emerging Web Specification
* Specification Title: Markup based Client Hints delegation for third-party content
* Specification or proposal URL: https://groups…
-
959a5292e8cee5f78f04d515f352ab176ddd37f0 added partial definitions for the credential management API at https://github.com/facebook/flow/blob/d294e2d82e44e2f306f282d1bbf43254ce8530ac/lib/bom.js#L1452-…
-
```
Some password hashing systems make use of a so-called "pepper". Like a salt,
but there is a single one, stored externally from the password database, and
hopefully in a manner which is as diffic…
-
As discussed in #1321 we want to propagate the internal origin field when a Request constructor copies another request without modifying it. One of the reasons for this is so that SameSite cookies wi…
-
```
HTTP splitting attack in WebGoat is demonstrated on a code, which is actually
not vulnerable to HTTP splitting itself (at least not in common today's
browsers). This makes it confusing to the st…
-
The CORS response header [`Access-Control-Allow-Origin`](https://github.com/whatwg/fetch/blob/master/review-drafts/2018-06.bs#L2109) currently only allows two possible values, the wildcard `*` or the …
-
Google Chrome and the ostensibly open source browser Chromium implementation of `SpeechRecognition` records the user voice and sends the users' biometric data to a remote web service https://bugs.chro…