
Most likely because credit card forms are very often served in iframes. 1Password fills iframes too (though maybe only for cards, not sure).


1Password fills iframes based on their domain rather than the parent's. If you have an entry in 1Password it will use the value for the domain of the iframe.

I’ve gone so far as to test this.

In my opinion this is the right security model.


That definitely makes sense for logins.



