Address security concerns on storing credentials locally #13
Labels
bug
Something isn't working
enhancement
Ask to enhance an existing feature
extra attention
Extra attention is needed
Description of issue or feature request
The extensions could be exploited by web applications from their privileged capabilities. And malicious scripts on the page may be able to access the local storage and retrieve sensitive info stored by our extension. Read more about the issue on chrome dev page and academic papers like this. Also take a look at threatpost, infosecbuzz.
le-git-imate stores some sensitive info (token, password) locally. As mentioned in #28, we should first remove the need of password and then protect the token.
Current behavior
Expected behavior
The text was updated successfully, but these errors were encountered: