[tantek] random web page -> "edit this page" link (with or without rel=edit, though with rel=edit would make the add-on an accessory) -> cross-origin domain that "looks like" github/gitlab/gitea etc. with the exact same login screen presentation to phish your credentials.