Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The Google OAuth attack is pretty sneaky indeed. I noticed the popup being created, positioned, and hidden upon the first click but I highly doubt most regular users would. I wish there was an option in Chrome to force new tabs to be opened instead of new windows and to completely disable popups for all sites, always. I can't think of any reason why a site needs popup anymore, especially since IFrames, OAuth, LightBox, JSONP etc. can handle pretty much all the rich-media use cases.


I agree. But on the other hand, lightbox style advertisements are just popups that you have to actually click to close, instead of command-W.


Solved in ChromeOS.


Just use Firefox with browser.link.open_newwindow.restriction = 0?


Yeah, here FF just opened a new tab ("Clickjacking is asking to...").

Well, no, actually it just showed the instructions - NoScript is awesome - but after I enabled scripts, it opened the tab.




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: