[whatwg] Dealing with UI redress vulnerabilities inherent to the current web

Robert O'Callahan robert at ocallahan.org
Thu Sep 25 16:23:30 PDT 2008


Other than sliding content over the top of the IFRAME, there are fun ways to
get exactly the appearance the attacker wants ... keep in mind when
designing a solution:
-- make the IFRAME opacity:0 (or 0.01) and draw whatever you want underneath
it
-- use SVG <filter> effects (in conjunction with SVG <foreignObject>, or CSS
extensions to apply filters to non-SVG content) to simply replace the
rendering of the IFRAME with something else.

Rob
-- 
"He was pierced for our transgressions, he was crushed for our iniquities;
the punishment that brought us peace was upon him, and by his wounds we are
healed. We all, like sheep, have gone astray, each of us has turned to his
own way; and the LORD has laid on him the iniquity of us all." [Isaiah
53:5-6]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20080926/4805da9c/attachment.htm>


More information about the whatwg mailing list