[whatwg] cross-domain scrollIntoView on frames and iframes

Giorgio Maone g.maone at informaction.com
Sat Apr 4 23:09:54 PDT 2009

Peter Kasting wrote, On 05/04/2009 0.54:
> On Sat, Apr 4, 2009 at 12:56 PM, timeless <timeless at gmail.com> wrote:
>> sounds like a security nightmare.
> Can you be less vague?  We've had a number of security people vet this
> already, so specific complaints would be very helpful.
> PK
It would make clickjacking attacks more precise, by exactly positioning 
the frame content where the attacker wants it to be.
Not that you cannot already be pixel-precise by using absolute 
positioning inside an overflow: hidden div...
Let's say it would make them even more script-kiddies friendly.
Giorgio Maone
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20090405/45a6faa9/attachment-0002.htm>

More information about the whatwg mailing list