On Mon, 26 Jan 2009, Biju g...@il wrote:
>
> At http://bijumaillist.googlepages.com/2in1.html
> I have iframed http://bijumaillist.googlepages.com/dnd.html
> and http://www.whatwg.org/demos/2008-sept/dnd/dnd.html
>
> Now I can drag items between iframes.
> This is good when we do mashups.
>
> But I wonder whether this will create a similar vulnerability like
> Click Jacking.
> - i.e., A cross site DnD Jacking
>
> So how can I...
> 1. say to where all (domain) things can be dragged?
> 2. find from which domain things are dropped.
> 3. find the handle of source window at destination and vice versa.
> 4. while we are in ondragenter/ondragover phase find what will be dropped later.

The solutions to click-jacking that have been proposed (see my recent
reply to that thread) should take care of these too. I'll make sure to
keep this in mind, though.

Cheers,
--
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
