No access to bookmarks in BrowserID window makes it impossible to use a password generating bookmarklet to sign in #521
Comments
some thoughts on this: bookmarklets are either fully self-contained, or they pull in some third-party library. If they're self-contained, then it is very difficult to code that bookmarklet correctly: If they're not self-contained, then that means they're including a third-party library, which we are going to disallow via Content-Security-Policy anyways. So, I think we have to leave things as they are. Closing this issue and marking it WONTFIX. |
I'm interested in your analysis of the bookmarklet in the URL field at the bugzilla link since it doesn't seem to match any of the case studies given in that PDF. |
@Mardeg do you have a link to a clean version of that code? Parsing the minified JS is a bit hard on the late-night brain :) |
It was autogenerated from supergenpass.com a while ago from a form where there were choices on things such as the length of the generated password and whether to "store the master password" or not. I chose not to, obviously, just mentioning it in case there is redundant code in there that isn't called. |
Sorry, missed a minified funciton - http://pastebin.mozilla.org/1485325 |
An alternative would be to provide a built-in generating tool based on either an existing master password or a prompted oneif remembering passwords is disabled, otherwise a completely random one which would be parity with https://sites.google.com/a/chromium.org/dev/developers/design-documents/password-generation |
Details at https://bugzilla.mozilla.org/show_bug.cgi?id=699003
The text was updated successfully, but these errors were encountered: