You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
While blocking javascript and cookies by default is a great security measure, there is still a wide room left for phishing attacks which usually work through social engineering. For example, passwords for googles.com can be collected by moogles.com, if the user is not paying attention to the URL. (Intentionally simplified example).
While sophisticated techniques like tab-nabbing can be avoided by disabling JS, simple techniques, such as the above URL hack, can be achieved with a simple HTML form.
Proposal
There could be a number of ways to disable forms on unknown websites:
Disable the form action and note it in the request manager when the action is attempted.
Disable the form entirely (greyed out inputs) a-priori by checking the action as soon as it is known to the DOM model.
The former is simpler to code so could be taken up first.
The text was updated successfully, but these errors were encountered:
Background
While blocking javascript and cookies by default is a great security measure, there is still a wide room left for phishing attacks which usually work through social engineering. For example, passwords for googles.com can be collected by moogles.com, if the user is not paying attention to the URL. (Intentionally simplified example).
While sophisticated techniques like tab-nabbing can be avoided by disabling JS, simple techniques, such as the above URL hack, can be achieved with a simple HTML form.
Proposal
There could be a number of ways to disable forms on unknown websites:
The former is simpler to code so could be taken up first.
The text was updated successfully, but these errors were encountered: