You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The email in question belongs to the user who is logged in. Harmless I hear you say because they already know their own email address.
However, a malicious browser extension could very easily harvest email addresses and the user’s private data this way.
Say I created a handy extension called “Tracking Pixel Detector” or some such that users could install to keep an eye on tracking pixels. Every site they visit where they are logged in will reveal their email address to the extension.
Please address this potential security hole by ensuring email addresses are NEVER displayed in the source code.
The text was updated successfully, but these errors were encountered:
This was raised in a previous topic with a lack of resolution (but closed nonetheless).
The FB pixel rendered out in source looks like this:
The email in question belongs to the user who is logged in. Harmless I hear you say because they already know their own email address.
However, a malicious browser extension could very easily harvest email addresses and the user’s private data this way.
Say I created a handy extension called “Tracking Pixel Detector” or some such that users could install to keep an eye on tracking pixels. Every site they visit where they are logged in will reveal their email address to the extension.
Please address this potential security hole by ensuring email addresses are NEVER displayed in the source code.
The text was updated successfully, but these errors were encountered: