[whatwg] cross-domain scrollIntoView on frames and iframes

On Sun, Apr 5, 2009 at 1:09 AM, Giorgio Maone <g.maone at informaction.com> wrote:
> It would make clickjacking attacks more precise, by exactly positioning the
> frame content where the attacker wants it to be.
> Not that you cannot already be pixel-precise by using absolute positioning
> inside an overflow: hidden div...
> Let's say it would make them even more script-kiddies friendly.

Hum...  That doesn't sound that bad.  If you're relying on the
obscurity of pixel offsets for a clickjacking defense, then you've got
bigger problems than scrollIntoView.

Adam

Received on Sunday, 5 April 2009 22:32:10 UTC