Archive for the 'security' Category

Nightmare scenarios with WebMIDI

Nov 2nd, 2016

In the spirit of Halloween… allow me to entertain you with some security and privacy nightmares with the way WebMIDI is implemented in Chrome currently. The spec says: “The suggested security model explicitly allows user agents to require the user’s approval before giving access to MIDI devices, although it is not currently required to prompt […]


Oversharing with the browser’s autofill

Oct 12th, 2016

Auto-filling forms is cool. Unless, of course, you give away more data than you thought you were. The basics It’s pretty simple, actually. You just add an autocomplete attribute to your <input> and give it one of the predefined values. And off you go. For example: <input type=”text” autocomplete=”given-name”> When the browser sees this, it […]