Comments on Egor Homakov: Bypassing ClearClick and X-Frame-Options:Visible
Feed updated: 2024-02-10T02:19:53.889-08:00

homakov (https://www.blogger.com/profile/10492045246792330280), 2014-09-03T07:57:07.128-07:00:
It is true that moving iframe under cursor quickly will still technically work. But it will be much less reliable. Maybe you have other ideas to fix this problem?

Anonymous (https://www.blogger.com/profile/01087585885451347372), 2014-09-03T03:42:59.613-07:00:
Your proposed X-Frame-Option:Visible option won't fix likejacking. Instead of making the iframe invisible, an attacker can still put it in a place invisible to the user, e.g. left:-9000px, and/or make it 1x1px in size. When it is most likely the user will click (based on mouse position or a previous click), the attacker just puts the iframe under the victim's cursor. As a result, the tricks you describe here will still work.