WebKit VS password-manager-resources

Multiple engineers are working on adding it back: https://github.com/WebKit/WebKit/pulls?q=is%3Apr+is%3Aclosed...

Since 2023 Chrome announced the View Transition API, and it looks like Safari is also going to support it soon.

One heap per type.

Here’s an allocator optimized for that use case.

https://github.com/WebKit/WebKit/blob/main/Source/bmalloc/li...

To use this in Bun, you’d have to start Bun with the environment variable “BUN_JSC_useDollarVM=1” and then $vm.createBuiltin(mySourceCodeString)

When using this intrinsic, if any of the arguments are incorrect or it cannot otherwise enable it, the entire process will probably crash. In debug builds of JSC it will have a nicer assertion failure but that is not enabled in release builds

Example code: https://github.com/WebKit/WebKit/blob/17351231b4dedb62d81721...

also happy to answer any questions about Bun

Ah, good, let me introduce you to the wonderful world of the Chrome Devtools Protocol! (fka Chrome Remote Debugging Protocol)

I love this API for almost everything browser related. I built my RBI product atop this (BrowserBox: https://dosyago.com), and I think it's a drastically underrated API.

Also, it works out of the box in Edge, Brave, Chromium, and many parts of CRDP are supported by Firefox and Safari^1

1: See for example: https://github.com/WebKit/webkit/tree/main/Source/JavaScript...

No, it's unrelated.

https://github.com/WebKit/WebKit/commit/064df1a9f395f8c6e32c...

It's being worked on now: https://github.com/WebKit/WebKit/pull/17320

It is different. The cross-site navigation flag is a couple of years old. It was enabled by default for iOS in November 2018 for example https://github.com/WebKit/WebKit/commit/e191fc8c412850cb9fd0...

Even Apple was so annoyed at this themselves that they actually went for a full open-source open-for-contributions GitHub repository at https://github.com/apple/password-manager-resources to get around these issues.

> Many password managers generate strong, unique passwords for people so that they aren't tempted to create their passwords by hand, which leads to easily guessed and reused passwords. Every time a password manager generates a password that isn't compatible with a website, a person not only has a bad experience but a reason to be tempted to create their password. Compiling password rule quirks helps fewer people run into issues like these while also documenting that a service's password policy is too restrictive for people using password managers, which may incentivize the services to change.

Check out https://github.com/apple/password-manager-resources

Apple has already created the database for this and made it open source: https://github.com/apple/password-manager-resources

Something like this?

Password rules are really all over the place. Based on the sampling available on Apple's password rules database, seems that the majority of sites would accept a 12-character password (although ironically, most websites that restrict the password to be shorter than 12 characters seem to be banks...).

There are still some things in Keychain that feel stupid. For example, Keychain won't merge https://www.google.co.uk and https://www.google.com accounts into one and you can't do it by yourself, and it will even warn about duplicated passwords for these two websites — that's very stupid especially because Apple maintains open database for password managers which solves the problem of alias domains. But that's the most annoying thing for me.

https://github.com/apple/password-manager-resources/blob/mai...

For being "quite obscure", I've at least heard of most of these sites before. Banks with "maxlength: 8", you love to see it.

FWIW, Apple asks users to tell them the password requirements to websites they notice the "Strong Password" feature doesn't work correctly.

The password complexity rule set is open source, you can contribute requirements for specific sites: https://github.com/apple/password-manager-resources