Script Name Ambiguity

Creating this stemming from Request 354829.

Please add functionality to provide additional context around scripts. We are not able to manage scripts effectively and/or proactively block access to sensitive fields when generic script names are provided.


I did some testing and was able to replicate this utilizing a Tampermonkey script (the script came in as a userscript file), so it's likely related to extensions with higher privileges. Nonetheless, this issue should be addressed/looked into.

  • Jeffery Anschutz-Ceja
  • Jul 7 2023
  • Jeffery Anschutz-Ceja commented
    September 27, 2023 11:50

    Hello Saurav, are there any updates with this?

  • Admin
    Saurav SHARAN commented
    August 30, 2023 09:55

    Thank you, Jeff! Added this to our roadmap as well. Though, this may take some time for us to get to. I will update timelines when we have better clarity on the same.

  • Jeffery Anschutz-Ceja commented
    August 29, 2023 12:17

    Of course Saurav!

    We had discussed how user-script:## appears pretty consistently under the Script List.
    Unfortunately this helps very little when investigating/determining whether or not to mitigate behavior.

    We think it is tied to extension scripts that are pulled in - I have tested this briefly with Tampermonkey and have attached how that came through on the browser.

    The concern is whether or not we can manage these scripts effectively to block access to sensitive fields.

    Let me know if you need anything else.

    Thank you,
    Jeff

  • Admin
    Saurav SHARAN commented
    August 28, 2023 08:02

    Thanks for sharing this idea, Jeff!

    This item somehow is not on my notes from our call. Can you expand on the requirement a little?