Help me understand something here, please...
"When the iframe processes the click event, it has no way to determine that its content was not faithfully displayed on the screen," the W3C's explainer says. "Using IntersectionObserver V2, code running inside the iframe can get a strong guarantee from the implementation that its content was completely visible and unmodified for some minimum length of time before the click."
I don't understand how this helps. So the target element knows that it was displayed, unobscured for x seconds before receiving a click. Great. But surely the whole issue of click-jacking is that the target element never gets the click?
What am I missing?
Biting the hand that feeds IT
