by reilly3000 2469 days ago
Yes, but that's the essence of the whole problem: there are ways to spoof what the current website is, causing your context-aware password manager to spit out data it shouldn't. Disabling autofill pretty much eliminates the whole vector though, without breaking UX that hard.

> there are ways to spoof what the current website is, causing your context-aware password manager to spit out data it shouldn't.

Can you give an example?

There was this example from 2017. https://freedom-to-tinker.com/2017/12/27/no-boundaries-for-u...

I seem to remember reading about similar stuff done elsewhere, but don't remember the details (or apparently a useful search term :P).

Isn't the XSS example highlighted here a good example?