On Tue, 02 Aug 2011 12:48:06 +0200, Dennis Joachimsthaler
<den...@efjot.de> wrote:
I agree that just disallowing that the page gets shown is one solution
but I am mainly concerned about reading important information out of
an iframe site.
Say, there's a site which uses an autologin facility to automatically
log their users in when the site is opened.
Malicious guy #1 prepares a site that loads the same site in an iframe.
You cannot get to that information cross-origin.
--
Anne van Kesteren
http://annevankesteren.nl/