- From: Michal Zalewski <lcamtuf@coredump.cx>
- Date: Tue, 7 Jun 2011 09:56:08 -0700
- To: "sird@rckc.at" <sird@rckc.at>
- Cc: public-web-security@w3.org
>> 2) What if the button is visible (and therefore interactive), but only >> for a very short period of time before a premeditated click (not >> enough to give the user a chance to respond)? > This is something the host page could detect right? How long the mouse > is hovered over. And for that part - sort of, though not very easily (there are many odd corner cases, plus considerations with accessibility technologies or keyboard browsing). But most importantly, it's ugly, like framebusting or referrer clicking. Browser-enforced minimum visibility would probably be a useful part of a proposal like that. But that brings us pretty close to the original whatwg discussion ;-) /mz
Received on Tuesday, 7 June 2011 16:57:04 UTC