Defeated clickjacking attack


Alan Karp

Aug 30, 2025, 5:58:37 PM
to <friam@googlegroups.com>
with help from perplexity.ai.

DOM elements of type "popover" and "dialog" live in a special top layer that obscures elements that overlap them even though those elements might have a larger z-index and test as being on top.  I defeat using them for clickjacking by not attaching the click handler to the password fields if an element of either of those types overlaps them.  

If some page does use popover or dialog to overlap the password field for legitimate reasons, you'll have to copy/paste your username and password.  Anyone want to bet that you'll actually encounter that case?  

--------------
Alan Karp
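
The check described in the message above, sketched as an added example that is not part of the original post and not the author's code. The helper names, the selector used to find open popovers and dialogs, and the fake DOM objects are all assumptions made for illustration.

```javascript
// Added example: hypothetical helper names, not the author's extension code.
// Assumption: open top-layer candidates are matched with this selector.
const TOP_LAYER_SELECTOR = ':popover-open, dialog[open]';

// True when two DOMRect-like boxes share area (touching edges do not count).
function rectsOverlap(a, b) {
  return a.left < b.right && b.left < a.right &&
         a.top < b.bottom && b.top < a.bottom;
}

// Open popover/dialog elements whose box intersects the field's box.
// z-index is deliberately ignored: the top layer paints above it regardless.
function topLayerOverlaps(field, doc) {
  const box = field.getBoundingClientRect();
  return Array.from(doc.querySelectorAll(TOP_LAYER_SELECTOR))
    .filter((el) => rectsOverlap(box, el.getBoundingClientRect()));
}

// Attach onClick only to password fields that no open popover/dialog overlaps.
function guardPasswordFields(doc, onClick) {
  const result = { attached: [], skipped: [] };
  for (const field of doc.querySelectorAll('input[type="password"]')) {
    if (topLayerOverlaps(field, doc).length > 0) {
      result.skipped.push(field); // user falls back to copy/paste
      continue;
    }
    field.addEventListener('click', onClick);
    result.attached.push(field);
  }
  return result;
}

// Constructed stand-ins for DOM nodes so the logic runs outside a browser.
function fakeEl(id, left, top, width, height) {
  return {
    id, listeners: [],
    getBoundingClientRect: () => ({ left, top, right: left + width, bottom: top + height }),
    addEventListener(type, fn) { this.listeners.push(type); },
  };
}
function fakeDoc(passwordFields, topLayer) {
  return {
    querySelectorAll: (sel) => (sel === TOP_LAYER_SELECTOR ? topLayer : passwordFields),
  };
}
```

In a browser, call `guardPasswordFields(document, handler)`; the result reflects the layout at the moment of the call.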