[whatwg] Prevent a document from being manipulated by a "top" document
Anne van Kesteren
annevk at opera.com
Tue Aug 2 04:00:48 PDT 2011
On Tue, 02 Aug 2011 12:48:06 +0200, Dennis Joachimsthaler
<dennis at efjot.de> wrote:
> I agree that just disallowing that the page gets shown is one solution
> but I am mainly concerned about reading important information out of
> an iframe site.
>
> Say, there's a site which uses an autologin facility to automatically
> log their users in when the site is opened.
>
> Malicious guy #1 prepares a site that loads the same site in an iframe.
You cannot get to that information cross-origin.
--
Anne van Kesteren
http://annevankesteren.nl/
More information about the whatwg
mailing list