[cap-talk] If a user is clickjacked in a forest, does it leak authority?
David-Sarah Hopwood
david.hopwood at industrial-designers.co.uk
Thu Mar 26 21:43:37 EDT 2009
Chip Morningstar wrote:
> If I understand things properly, a clickjacking attack on Page A can trick the
> user into opening a window onto Page B, but once that has happened, the
> attacker is not left with any means to actually wield the authorities on Page B
> nor any obvious (to me) means to trick the user into wielding one of those
> authorities on its behalf.
No, a clickjacking attack can trick the user into pressing an arbitrary
button on page B, for example, without the button being visible.
--
David-Sarah Hopwood ⚥