W3C home > Mailing lists > Public > whatwg@whatwg.org > August 2011

[whatwg] Prevent a document from being manipulated by a "top" document

From: Anne van Kesteren <annevk@opera.com>
Date: Tue, 02 Aug 2011 13:00:48 +0200
Message-ID: <op.vzk17mp864w2qv@annevk-macbookpro.local>
On Tue, 02 Aug 2011 12:48:06 +0200, Dennis Joachimsthaler  
<dennis at efjot.de> wrote:
> I agree that just disallowing that the page gets shown is one solution
> but I am mainly concerned about reading important information out of
> an iframe site.
>
> Say, there's a site which uses an autologin facility to automatically
> log their users in when the site is opened.
>
> Malicious guy #1 prepares a site that loads the same site in an iframe.

You cannot get to that information cross-origin.


-- 
Anne van Kesteren
http://annevankesteren.nl/
Received on Tuesday, 2 August 2011 04:00:48 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:35 UTC