They would be great additions, thanks.
2. scriptwillexecute/scriptdidexecute events
Notice that Opera has a richer set of eventsof this kind (exsposed to
"privileged" User Scripts, though, AFAIK), allowing for much more control over
the executing scripts, no matter if from script elements, ev
I believe the spec is trying to stigmatize old-times spacer images used
to layout other HTML elements, like
which are overly ugly and meaningless now that there's nothing you can't
layout by CSS.
-- G
Ingo Chao wrote, On 28/04/2010 13.31:
http://dev.w3.org/html5/spec/Overview.html#the-img-
).
I'm chatting with their security staff right now, and they're enthusiast
of this development (especially of WebKit support).
Cheers
--
Giorgio Maone
http://hackademix.net
http://noscript.net
=JeffH wrote, On 20/09/2009 1.59:
Of possible interest to public-html@ & wh
cking attacks more precise, by exactly positioning
the frame content where the attacker wants it to be.
Not that you cannot already be pixel-precise by using absolute
positioning inside an overflow: hidden div...
Let's say it would make them even more script-kiddies friendly.
--
Giorgio Maone
On Fri, 20 Feb 2009 19:36:47 +0100, Bil Corry wrote:
Sigbjørn Vik wrote on 2/20/2009 8:46 AM:
One proposed way of doing this would be a single header, of the form:
x-cross-domain-options: deny=frame,post,auth; AllowSameOrigin;
allow=*.opera.com,example.net;
This incorporates the idea from the
Sigbjørn Vik wrote, On 20/02/2009 15.46:
There is currently little protection against clickjacking, the
x-frame-options is the first attempt.
Nope, it's the second and weakest:
http://hackademix.net/2008/10/08/hello-clearclick-goodbye-clickjacking/
http://noscript.net/faq#clearclick
--
Gi
Bil Corry wrote, On 18/02/2009 21.31:
Boris Zbarsky wrote on 2/18/2009 9:27 AM:
And really no different from:
if (window != window.top)
window.top.location.href = window.location.href;
in effect, right? This last already works in all browsers except IE,
which is presumably
Ian Hickson wrote, On 18/02/2009 12.43:
3) Add an on-by-default mechanism that prevents UI actions to be taken
when a document tries to obstruct portions of a non-same-origin frame.
By carefully designing the mechanism, we can prevent legitimate uses
(such as dynamic menus that overlap w