[whatwg] cross-domain scrollIntoView on frames and iframes

Giorgio Maone g.maone at informaction.com
Sat Apr 4 23:09:54 PDT 2009


Peter Kasting wrote, On 05/04/2009 0.54:
> On Sat, Apr 4, 2009 at 12:56 PM, timeless <timeless at gmail.com> wrote:
>
>> sounds like a security nightmare.
>
> Can you be less vague?  We've had a number of security people vet this
> already, so specific complaints would be very helpful.
>
> PK

It would make clickjacking attacks more precise, by exactly positioning 
the frame content where the attacker wants it to be.
Not that you cannot already be pixel-precise by using absolute 
positioning inside an overflow: hidden div...
Let's say it would make them even more script-kiddie-friendly.
--
Giorgio Maone