Details at https://bugzilla.mozilla.org/show_bug.cgi?id=699003
some thoughts on this: bookmarklets are either fully self-contained, or they pull in some third-party library.
If they're self-contained, then it is very difficult to code that bookmarklet correctly:
If they're not self-contained, then that means they're including a third-party library, which we are going to disallow via Content-Security-Policy anyways.
So, I think we have to leave things as they are. Closing this issue and marking it WONTFIX.
I'm interested in your analysis of the bookmarklet in the URL field at the bugzilla link since it doesn't seem to match any of the case studies given in that PDF.
@Mardeg do you have a link to a clean version of that code? Parsing the minified JS is a bit hard on the late-night brain :)
It was autogenerated from supergenpass.com a while ago from a form where there were choices on things such as the length of the generated password and whether to "store the master password" or not. I chose not to, obviously, just mentioning it in case there is redundant code in there that isn't called.
The site probably changed how it generates the bookmarklet since then.
Here is a pastebin of the code unminified by hand:
Sorry, missed a minified funciton - http://pastebin.mozilla.org/1485325
An alternative would be to provide a built-in generating tool based on either an existing master password or a prompted oneif remembering passwords is disabled, otherwise a completely random one which would be parity with https://sites.google.com/a/chromium.org/dev/developers/design-documents/password-generation
@benadida or @Mardeg does this need to be reopened since your conversation is recent?