W3C home > Mailing lists > Public > whatwg@whatwg.org > September 2008

[whatwg] Dealing with UI redress vulnerabilities inherent to the current web

From: Maciej Stachowiak <mjs@apple.com>
Date: Thu, 25 Sep 2008 20:12:18 -0700
Message-ID: <C1F10F66-5967-4000-9C34-2659F27F20B3@apple.com>

On Sep 25, 2008, at 8:07 PM, Maciej Stachowiak wrote:

>
> On Sep 25, 2008, at 3:23 PM, Michal Zalewski wrote:
>
>> On Thu, 25 Sep 2008, Maciej Stachowiak wrote:
>>
>>>> C) Treat a case where top-left corner of the IFRAME is drawn out of
>>>>   a visible area (CSS negative margins, etc) as a special case of
>>>>   being obstructed by the owner of a current rendering rectangle
>>>>   (another IFRAME or window.top) and carry out the same comparison.
>>>
>>> Isn't this likely to come up any time you have a scrollable  
>>> iframe, or one with overflow: hidden? And why top left but not  
>>> bottom right?
>>
>> I meant, corner of the container, rather than actual document  
>> rendered within.
>
> Then can't you work around the restriction by scrolling the contents  
> inside the iframe and sizing it carefully? (One way to scroll an  
> iframe to a desired position is to load a URL containing an anchor  
> link

Sorry, got cut off here. One way to scroll is to load a URL including  
a fragment identifier pointing to an element inside the target document.

  - Maciej
Received on Thursday, 25 September 2008 20:12:18 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:05 UTC