Not my intention to preempt the vote, but I closed the above ticket after marking it as "Not a Bug", as the request itself can't be implemented regardless of ethics. I also added a comment explaining why.
Luckily, browser vendors have developed active countermeasures to stop such snooping, but it is an ongoing battle and older/misconfigured browsers are still vulnerable. I'm not sure how much we can really do about someone extending our code given that it is open source. Additionally, there are other libraries with comparable capabilities regardless. All I can see us doing is actively discouraging its misuse, but that would likely only discourage those who had no ill intentions anyways. Rob On Tue, Aug 6, 2019 at 5:47 PM Rob Foley (JIRA) <j...@apache.org> wrote: > > [ > https://issues.apache.org/jira/browse/FLAGON-437?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel > ] > > Rob Foley closed FLAGON-437. > ---------------------------- > Resolution: Not A Bug > > This is not possible due to browser security restrictions, and there are > likely no browser settings that would disabled the restrictions, as it is > something that browser vendors are _actively_ trying to prevent. > > For example, imagine if you went to some malicious website and it opened a > social media page (e.g. Facebook) in a fullscreen iframe to make it appear > as though you were on the other site. If the page could capture your > clicks/actions they'd effectively be able to control/spy on everything you > do. > > If the goal is just to be able to capture events in nested iframes, then > the UserALE WebExtension could probably be extended to inject the script > tag into iframes as they are loaded, however I don't believe that is > supported in the current version and it certainly isn't a bug. > > > not capturing click events inside iframe > > ---------------------------------------- > > > > Key: FLAGON-437 > > URL: https://issues.apache.org/jira/browse/FLAGON-437 > > Project: Flagon > > Issue Type: Bug > > Components: builds > > Affects Versions: UserALE.js 2.1.0 > > Environment: OS: Linux > > Reporter: shubham chitransh > > Priority: Major > > > > I am creating a web scraping website where i'll ask user for the url and > will open that url inside iframe and will capture all his activities. But > userale.js is not logging click events inside iframe. > > > > -- > This message was sent by Atlassian JIRA > (v7.6.14#76016) >
