This change exposes passwords to JavaScript in the Credential Management API by providing the corresponding attribute on PasswordCredential. Furthermore it deprecates the previously existing PasswordCredential attributes and the custom `fetch()` `credential` infrastructure.

Documentation

• https://developers.google.com/web/updates/2017/06/credential-management-updates
• https://developer.mozilla.org/en-US/docs/Web/API/PasswordCredential
• https://developer.mozilla.org/en-US/docs/Web/API/PasswordCredential/password

Specification

Editor's draft

Status in Chromium

Blink components: Blink>SecurityFeature>CredentialManagement

Enabled by default (tracking bug) in:

• Chrome for desktop release 60
• Chrome for Android release 60
• Android WebView release 60

Consensus & Standardization

• Firefox: No signal
• Edge: No signal
• Safari: No signal
• Web Developers: Positive

Owner

• jdoerrie@chromium.org

Search tags

Last updated on 2020-11-09