Hi all,

I want to add one comment on this. If you can IFRAME it, you can click-jack it using opacity, z-index, and some CSS positioning tricks. Allowing the 'Yes, I want free porn' button to auto-authorize someone's app to post as a user is a Bad Thing™. I saw the popup flow from Brooks and that seems like a much better choice.

Thanks;
  — Matt

On Mar 20, 2009, at 08:24 PM, Scott Carter wrote:

For the case where the user is already logged in, there doesn't appear
to be any risk here.
