[whatwg] Prevent a document from being manipulated by a "top" document

Anne van Kesteren annevk at opera.com
Tue Aug 2 04:00:48 PDT 2011


On Tue, 02 Aug 2011 12:48:06 +0200, Dennis Joachimsthaler  
<dennis at efjot.de> wrote:
> I agree that just disallowing that the page gets shown is one solution
> but I am mainly concerned about reading important information out of
> an iframe site.
>
> Say, there's a site which uses an autologin facility to automatically
> log their users in when the site is opened.
>
> Malicious guy #1 prepares a site that loads the same site in an iframe.

You cannot get to that information cross-origin.


-- 
Anne van Kesteren
http://annevankesteren.nl/



More information about the whatwg mailing list