Hacker News new | ask | show | jobs
by gregorkas 4777 days ago
You could load gmail or facebook or any other site in an iframe and tell the user to login, but you would intercept his credentials with javascript.
2 comments
waltz 4777 days ago
Hmm that is a fair point.

Maybe a more secure alternative to iframes can emerge. Something like Chrome's WebViews.

Even though as of right now native browsers can intercept your data as well, it's a matter of trusting the tool.

link
gcb0 4777 days ago
How exactly do you use javascript cross domain like that? i'd love to know.
link
gregorkas 4777 days ago
You don't. You register a key press event listener on the main page and when the user types into the iframe, you can catch the strokes.

Example: http://www.jayssite.com/misc/iframesample.html (not my site, I googled it)

link
gcb0 4776 days ago
i don't think this example is cross-domain...
link