[whatwg] Dealing with UI redress vulnerabilities inherent to the current web
Maciej Stachowiak
mjs at apple.com
Thu Sep 25 20:12:18 PDT 2008
On Sep 25, 2008, at 8:07 PM, Maciej Stachowiak wrote:
>
> On Sep 25, 2008, at 3:23 PM, Michal Zalewski wrote:
>
>> On Thu, 25 Sep 2008, Maciej Stachowiak wrote:
>>
>>>> C) Treat a case where top-left corner of the IFRAME is drawn out of
>>>> a visible area (CSS negative margins, etc) as a special case of
>>>> being obstructed by the owner of a current rendering rectangle
>>>> (another IFRAME or window.top) and carry out the same comparison.
>>>
>>> Isn't this likely to come up any time you have a scrollable
>>> iframe, or one with overflow: hidden? And why top left but not
>>> bottom right?
>>
>> I meant, corner of the container, rather than actual document
>> rendered within.
>
> Then can't you work around the restriction by scrolling the contents
> inside the iframe and sizing it carefully? (One way to scroll an
> iframe to a desired position is to load a URL containing an anchor
> link
Sorry, got cut off here. One way to scroll is to load a URL including
a fragment identifier pointing to an element inside the target document.
- Maciej
More information about the whatwg
mailing list