Hacker News new | past | comments | ask | show | jobs | submit login

I’m reminded of a webpage that claimed to know your pin for your credit card; just do a find in page to see! In reality, it just had all 10,000 possible numbers listed in numerical order



Pro tip: lots of banks let you set a pin longer than 4 digits.


Once you search for it, then the web page could actually know.


Is this true? I wasn’t aware that websites could capture your find-in-page searches. I’d be interested to know if they can capture your key events when the find-in-page box has focus. Intuition tells me they can’t, and that it would be outside of the websites “sandbox”. But I can’t say for sure.


At the very least, javascript can tell where you are scrolled to on the page. With minor cleverness that should be enough.


Indeed, this is what I was thinking.


In most modern browsers you can't capture this when find-in-page box has focus. Only if you manually select text after searching can you capture it (or, like the other reply stated: capture the scroll distance).

But you could easily disable ctrl+f and throw up your own search box with keypress capture. Not all browsers show the search box outside of the browser viewport, and even for those that do (such as Chrome), you could display a hovering modal inside the viewport, as most users won't remember the exact location of the search box.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: