HACKER Q&A
📣 contr-error

Dang, could the login page get a title?


RFE: Could the login page [0] get an HTML title element containing the string "Hacker News", say "Login | Hacker News"?

This would be immediately useful for password managers matching on window titles.

[0] https://news.ycombinator.com/login


👤 distcs Accepted Answer ✓
> This would be immediately useful for password managers matching on window titles.

Password managers matching on window titles to decide what password to autofill sounds very dangerous! What password manager is this?


👤 Someone1234
If they're going to update that page just add it to the list:

- Title (ideally unique, like Login | Hacker News)

- Use of section heading elements for "Login" and "Create Account"

- A background color

- Set the autocomplete attribute on the two password inputs to "current-password" for login and "new-password" for Create Account. Give both username inputs the autocomplete "username"[0]

- Give the two username and password inputs unique names (e.g. username, new-username, password, new-password)

- Stop being "clever" and change to standard HTML forms. Currently, both login/create forms point to the same endpoint, with the button's "value" mutating what that end-point does. This is completely non-standard and therefore difficult for any password manager to navigate without hard-coding. Instead, have each submit to a different endpoint (e.g. login, and create-account respectively).

- The forgotten password page also points to an endpoint called "x" and the username input has a different name than either one found on the login page "s" and no autocomplete hint.

If someone wanted to target HN with a bot, circumventing this would be trivial. It only really negatively impacts legitimate users trying to use password managers.

[0] https://developer.apple.com/documentation/security/password_...


👤 LinuxBender
The best way to reach dang is email hn@ycombinator.com

👤 runjake
A password manager matching on window titles would be a security vulnerability without additional domain checking.
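The domain check this comment refers to, as an added example that is not part of the thread or of any password manager's code: a title-only matcher beside one that compares the page's parsed origin with the origin stored when the credential was saved. The function names `matchByTitle` and `matchByOrigin`, the vault entry and the sample pages are hypothetical and constructed for illustration.

```javascript
// Added illustration. Vault entry and page records are constructed samples.
const vault = [
  {
    origin: "https://news.ycombinator.com", // stored when the login was saved
    title: "Login | Hacker News",           // the title proposed in the thread
    username: "alice",
    password: "constructed-secret",
  },
];

// Title-only matching: the title is set by whoever serves the page, so a
// match says nothing about where the filled credentials will be submitted.
function matchByTitle(entries, page) {
  return entries.find((e) => e.title === page.title) || null;
}

// Origin matching: parse the URL and compare scheme + host + port with the
// origin recorded at save time. The title is ignored entirely.
function matchByOrigin(entries, page) {
  let url;
  try {
    url = new URL(page.url);
  } catch {
    return null; // unparsable URL: never fill
  }
  if (url.protocol !== "https:") return null; // no autofill over plaintext
  return entries.find((e) => e.origin === url.origin) || null;
}

const pages = {
  real: { url: "https://news.ycombinator.com/login", title: "Login | Hacker News" },
  otherSite: { url: "https://login.example.net/", title: "Login | Hacker News" },
  plaintext: { url: "http://news.ycombinator.com/login", title: "Login | Hacker News" },
};

for (const [name, page] of Object.entries(pages)) {
  const byTitle = matchByTitle(vault, page) !== null;
  const byOrigin = matchByOrigin(vault, page) !== null;
  console.log(`${name}: title match=${byTitle}, origin match=${byOrigin}`);
}
```

All three sample pages carry the same title, so the title matcher offers the credential on each of them, while the origin matcher offers it only on the HTTPS page at the saved origin.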

👤 userm0d
I am curious, what password manager uses the window title instead of the current URL?

Feels like a really ineffective approach.


👤 jer0me
“If your page has a title, you’ve launched too late!”

👤 neovialogistics
Modifying Login elements is something a blackhat would request.

👤 billconan
Why can't the HN codebase be open-sourced, so that we can send PRs to help improve it?