[whatwg] cross-domain scrollIntoView on frames and iframes
g.maone at informaction.com
Sat Apr 4 23:09:54 PDT 2009
Peter Kasting wrote, On 05/04/2009 0.54:
> On Sat, Apr 4, 2009 at 12:56 PM, timeless <timeless at gmail.com> wrote:
>> sounds like a security nightmare.
> Can you be less vague? We've had a number of security people vet this
> already, so specific complaints would be very helpful.
It would make clickjacking attacks more precise, by exactly positioning
the frame content where the attacker wants it to be.
Not that you cannot already be pixel-precise by using absolute
positioning inside an overflow: hidden div...
Let's say it would make them even more script-kiddies friendly.