[whatwg] cross-domain scrollIntoView on frames and iframes
Adam Barth
whatwg at adambarth.com
Sun Apr 5 22:32:10 PDT 2009
On Sun, Apr 5, 2009 at 1:09 AM, Giorgio Maone <g.maone at informaction.com> wrote:
> It would make clickjacking attacks more precise, by exactly positioning the
> frame content where the attacker wants it to be.
> Not that you cannot already be pixel-precise by using absolute positioning
> inside an overflow: hidden div...
> Let's say it would make them even more script-kiddies friendly.
Hum... That doesn't sound that bad. If you're relying on the
obscurity of pixel offsets for a clickjacking defense, then you've got
bigger problems than scrollIntoView.
Adam