
Hijacking your GitHub in one click - homakov
https://homakov.github.io/backclickjack.html
======
homakov
This is a bit of a clickbait, sorry. It is not a vulnerability in Github, but
simply <link rel="prerender" href="..."> that loads the page in a hidden tab
and instantly loads it when you're about to click.

You can do same to any 1-click dialog. After you approved, consider yourself
pwned - few seconds is enough to steal all your private repos.

