Hacker News new | past | comments | ask | show | jobs | submit login

Any reason you couldn't just outright black out any pixels covered by different-origin iframes?



Even some same-origin things, for example input type=file, which can reveal paths on the local filesystem, would have to be blanked out.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: