For everyone talking about JavaScript: As far as I can tell, this is fundamental... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

chc on March 6, 2012 | parent | context | favorite | on: Cursor:none abuse (trick users into clicking Faceb...

For everyone talking about JavaScript: As far as I can tell, this is fundamentally a CSS vulnerability. Something quite similar ought to be possible without JavaScript — it would just be a bit less elegant. For example, you could just make a pixel grid of divs to simulate mousemove events and position the fake cursor with CSS hover styles.

jonny_eh on March 6, 2012 | [–]

Sounds plausible (and I'd love to see an example!), but would hardly be worth the effort if JS would catch 99% of the victims.

_kgwq on March 6, 2012 | [–]

Actually just CSS won't work in this case - because the Facebook Like button is within an iFrame. This works because Javascript cycles show/hide a transparant div above the Like button.

Join us for AI Startup School this June 16-17 in San Francisco!
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact