Hacker News new | past | comments | ask | show | jobs | submit login

I am using that in my second browser, but I am not as confident in it as all that stands between the user and executing a plugin again is a clickjack

I'd rather have complete separation

Doing a proof-of-concept on a 'click to play' to run a plugin is something that I have been meaning to do




It's not that easy, I think Chrome has some good anti-clickjacking algorithm implemented. I remember once I couldn't enable a Flash video on one site because it had an overlay advert over part of it.

Moreover, you have to right-click and then click "Run this plugin" from the native Chrome menu. I doubt you can create any overlay over native browser's menu.


> Moreover, you have to right-click and then click "Run this plugin" from the native Chrome menu. I doubt you can create any overlay over native browser's menu

It must be different on Windows. I have it enabled on my Mac and it requires a single click to enable a plug-in.


Good to know. Indeed I am on Windows.


Interesting. Please post it on HN if you get a proof of concept.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: