
[whatwg] Prevent a document from being manipulated by a "top" document

From: Dennis Joachimsthaler <dennis@efjot.de>
Date: Tue, 02 Aug 2011 13:05:07 +0200
Message-ID: <op.vzk2etaj48yz2f@dennis-work.fritz.box>
On 02.08.2011, 13:00, Anne van Kesteren <annevk at opera.com> wrote:

> On Tue, 02 Aug 2011 12:48:06 +0200, Dennis Joachimsthaler  
> <dennis at efjot.de> wrote:
>> Say, there's a site which uses an autologin facility to automatically
>> log their users in when the site is opened.
>> Malicious guy #1 prepares a site that loads the same site in an iframe.
> You cannot get to that information cross-origin.

It is not possible anyway? That kind of renders my worries baseless.

But this use case still holds: Userscripts and addons could still read
out everything from the sites.

It might be way too much of a niche case though.
Received on Tuesday, 2 August 2011 04:05:07 UTC
