- From: Michal Zalewski <lcamtuf@coredump.cx>
- Date: Thu, 20 Jan 2011 18:06:51 -0800
- To: Daniel Veditz <dveditz@mozilla.com>
- Cc: Brandon Sterne <bsterne@mozilla.com>, public-web-security@w3.org, Lucas Adamski <ladamski@mozilla.com>
> Or maybe the HTML group. Clickjacking is baked into the current
> standards and the people most involved in those standards may be
> required to compromise on them. For example, one simple-minded
> solution might be to dis-allow events targeted at cross-origin
> frames that meet some spoofing criteria (small, obscured, nested,
> scrolled, etc).

I proposed this several years ago, before all the public attention
clickjacking managed to get:

http://lists.whatwg.org/pipermail/whatwg-whatwg.org/2008-September/016327.html

...but the response to any solutions that require any UI logic was
overwhelmingly negative.

/mz

Received on Friday, 21 January 2011 02:07:44 UTC