Also, malicious scripts can change the password input type field to a regular te... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		bored on Jan 6, 2017 \| parent \| context \| favorite \| on: Browser auto-fill phishing Also, malicious scripts can change the password input type field to a regular text field and grab it from there.

talmand on Jan 6, 2017 [–]

There's no need to convert the input type to get the plain text value of a password input. It just masks the input value visually.

Consider applying for YC's Summer 2026 batch! Applications are open till May 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact