You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I think it may be useful to note in "Request a SiteBoundCredential with user mediation" step 2 and/or "Credential Selection" that a UA could provide UI to allow the user to use a PasswordCredential that isn't already stored by the UA.
This would improve:
the UX for cases where the user wants to use a credential other than one that is currently saved (perhaps without saving it permanently this time either) so the user can use the trusted UI consistently for the site
security for the initial capture of the password credential which is otherwise usually captured from regular <input> which could be read by an attacker via XSS
The text was updated successfully, but these errors were encountered:
I think it may be useful to note in "Request a SiteBoundCredential with user mediation" step 2 and/or "Credential Selection" that a UA could provide UI to allow the user to use a PasswordCredential that isn't already stored by the UA.
This would improve:
<input>which could be read by an attacker via XSSThe text was updated successfully, but these errors were encountered: