Comment by sheept
4 months ago
I do not think it'd be "so easy" to separate password input access into a separate permission because it'd only open up a can of worms. There are so many ways to read a password input's value, from listening to key events to monkey patching `fetch`, that it's not worth playing whack-a-mole just to provide users a false sense of security.
I'm also skeptical that even a dark mode extension would be simple considering how varied web pages can be.
It's not that complicated. Protect `input.value`. But good point on networking, but also an easy fix: extensions that do not have a special network permission should not be able to hook/look into your requests.