Hacker News new | past | comments | ask | show | jobs | submit login

really? How would you detect a clientside script like this?



    function validateClickEvent(e) {
        var r = e.target.getBoundingClientRect();
        if (e.x >= r.left && e.x <= r.right && e.y >= r.top && e.y <= r.bottom) {
            console.log('looks legit');
        } else {
            console.log('faked click');
        }
    }
Set this as the click handler. The click method is browser specific, but on Chrome the x/y coordinates on the event will be incorrect. A smarter script could fool this, though.


I don't know much javascript, but that looks extremely error prone to me. How would it behave in different monitor sizes? With zoomed in/out screens? On mobiles, tablets, etc?

And it would still be pretty easy for a cheating script to work cheat your validation!


It's just an example, but zoom should scale both the element coordinates and the mouse coordinates. This sort of validation can be made a lot more elaborate.


thebutton.dispatchEvent( new MouseEvent('click', {clientX:(r.left+r.right)/2, clientY:(r.top+r.bottom)/2}));

Or something along those lines!! :)


They could make their own implementation of setInterval and report you as a cheater when you use it.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: