|
|
|
|
|
|
by ororlrlrlylyly
4706 days ago
|
|
|
Although... Does this not require one to click on a link in a framed google translate page before displaying its payload? In other words, it doesn't seem like one could simply submit a URL to HN that, when clicked, displays some inauthentic news headline on your screen with a GUC.com address in the location bar. Is that not correct? |
|
|
1) chrome blocks straightforward window.open if no click happened
2) user doesn't really expect automatic popup. So it's not how phishing should behave
3) yes, it CAN work similarly on HN, in case you are Paul Graham (if you can change HTML on front page)