Defeated clickjacking attack

[Alan Karp]

with help from perplexity.ai.

DOM elements of type "popover" and "dialog" live in a special top layer that obscures elements that overlap them even though those elements might have a larger z-index and test as being on top.  I defeat using them for clickjacking by not attaching the click handler to the password fields if an element of either of those types overlaps them.  

If some page does use popover or dialog to overlap the password field for legitimate reasons, you'll have to copy/paste your username and password.  Anyone want to bet that you'll actually encounter that case?  

--------------
Alan Karp