logoalt Hacker News

unfocsotoday at 12:31 AM2 repliesview on HN

"Press here to view the content", there's already plenty in the wild that grant access to notifications with deceptive buttons.


Replies

sheepttoday at 1:24 AM

The similar <geolocation> element has clickjacking prevention enforced by the browser[0], and even if the website finds a way around it, it still shows the normal permission prompt.[1]

[0]: https://developer.mozilla.org/en-US/docs/Web/API/HTMLGeoloca...

[1]: https://mdn.github.io/dom-examples/geolocation-element/basic... (requires Chromium)

show 2 replies
cwmooretoday at 12:58 AM

“targeted and functional controls for accessing camera and microphone streams”