[cap-talk] If a user is clickjacked in a forest, does it leak authority?

David-Sarah Hopwood david.hopwood at industrial-designers.co.uk
Thu Mar 26 21:43:37 EDT 2009


Chip Morningstar wrote:
> If I understand things properly, a clickjacking attack on Page A can trick the
> user into opening a window onto Page B, but once that has happened, the
> attacker is not left with any means to actually wield the authorities on Page B
> nor any obvious (to me) means to trick the user into wielding one of those
> authorities on its behalf.

No, a clickjacking attack can trick the user into pressing an arbitrary
button on page B, for example, without the button being visible.

-- 
David-Sarah Hopwood ⚥


