Hacker Newsnew | comments | show | ask | jobs | submitlogin

[deleted]



My password isn't viewable in the source (cmd + opt + u), but when I inspect the password field with the Web Inspector, my password is visible in plain text as the value of the password field.

-----


I just checked, my password was visible in the source. Pretty shitty, Pandora.

-----


EDIT: Found it. It was in the settings page.

What is the source code surrounding the password? Is it the same as the screenshot? I'm trying to find mine but can't.

Also, what browsers are you guys using?

Mine is Chrome.

-----


Just right-click the password field and choose 'Inspect Element' in the menu.

-----


Mine too.

-----


Are you looking at view-source: or are you looking at the actual DOM after it has been modified by JavaScript?

The password field is created by JavaScript based on a template from the HTML source, and the password is filled in via a script; it's not sent in the base page.

-----


Ahhh - there it is - you're right! Pretty lousy.

-----


Try inspecting the element (in Chrome inspector or Firebug or whatever). My password is visible there. When doing a simple view-source, I just see "${password}" though.

-----


Mine says

  value="${password}"/> 
in the source.

-----


Try going to the settings screen and then right-click in the password field and click inspect element (assuming Chrome).

I thought mine just said value="${password}" too, but nope, its there in all its unencrypted glory.

-----




Applications are open for YC Summer 2015

Guidelines | FAQ | Support | Lists | Bookmarklet | DMCA | Y Combinator | Apply | Contact

Search: