Friday, 24 August 2007
As browser manufacturers add new features, they can sometimes overlook the security implications, which can often seem minor. I’ve found two such features which I think could cause problems.
Iframes can be manipulated to show only a small area of the screen; even worse, you can overlay any other item on top of them. By nesting and positioning iframes, it is possible to arrange them so that a normal user cannot know which site they are interacting with.
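
A defensive check for the framing problem described above, as an added example that is not part of the original post: it reads a response's `X-Frame-Options` and CSP `frame-ancestors` headers and reports whether a given chain of nested framing origins would be allowed to embed the page. The function names and the `.example` origins are assumptions made for illustration.

```javascript
// Added example (not from the original post). Origins are constructed and
// assumed to be lowercase serialized origins such as "https://bank.example".
// Simplification: only 'none', 'self', * and exact origins are matched.

// Return the source list of the frame-ancestors directive, or null if absent.
function parseFrameAncestors(csp) {
  for (const directive of csp.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null;
}

function sourceMatches(source, ancestor, selfOrigin) {
  const s = source.toLowerCase();
  if (s === '*') return true;
  if (s === "'self'") return ancestor === selfOrigin;
  return s === ancestor; // 'none' never equals an origin, so it matches nothing
}

// ancestorOrigins: origin of every enclosing frame, innermost first.
function canBeFramed(headers, selfOrigin, ancestorOrigins) {
  if (ancestorOrigins.length === 0) return true; // top-level load, not framed
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;

  const sources = parseFrameAncestors(h['content-security-policy'] || '');
  if (sources !== null) {
    // frame-ancestors overrides X-Frame-Options; every ancestor must match.
    return ancestorOrigins.every(a =>
      sources.some(s => sourceMatches(s, a, selfOrigin)));
  }
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return false;
  if (xfo === 'SAMEORIGIN') return ancestorOrigins.every(a => a === selfOrigin);
  return true; // no usable header (ALLOW-FROM is obsolete and ignored)
}

// Constructed case: the site framed by itself, then by another origin.
const nested = ['https://bank.example', 'https://other.example'];
console.log(canBeFramed({ 'X-Frame-Options': 'SAMEORIGIN' },
  'https://bank.example', nested));
```

Checking every ancestor rather than only the immediate parent is what covers the nested-iframe arrangement: a same-origin inner frame does not help if an outer frame belongs to another site.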
I’ve added a CSS scripting demo which shows CSS is going beyond just presentation.
The following demos were tested on Firefox: