Allowlist for autofill

[errotu]

First of all, thanks a lot for all your work and this great add-on!

I really like the autofill feature, however, I also understand that it's not safe to generally enable it for all websites, as this could lead to a situation where login data is entered into fields which are not secure. If I understand the current configuration correctly, I can set up a blocklist for certain websites or login-data which disables the autofill-function on the respective site, but enables it for all others.

However, what I would like to do is the opposite: I'd like to enable autofill only for certain websites I consider particularly safe/trustworthy (effectively an allowlist for this feature, not a blocklist). Is there any way to achieve this at the moment?

[droidmonkey]

Depends on your browser, but you can enable "When clicked" on Edge/Chrome. That is effectively an allow list at the extension level.

When it comes to browser fill, we will not provide credentials to any site that doesn't match the url of an entry in your database. Further, if you block access to certain groups or entries to the extension then they will never be found/returned at all. The situation you describe is actually not possible with how we have coded the extension. Database data is only transmitted if you explicitly allow it and a strict url match occurs which malicious sites cannot spoof.

[varjolintu]

If you want to restrict what entries to use and not to use with the extension, you can also put those in a different group in KeePassXC. Then edit the group setting for allowing those entries to the browser extension, and deny the second group. This can be also done per-entry.