The documentation at https://github.com/OfficeDev/office-js-docs/blob/master/docs/develop/privacy-and-security.md#tips-to-prevent-clickjacking lists several ways to prevent clicks, by User confirmation before performing potentially dangerous actions.
I was wondering if it would not be safe to display any user interface on the page until it was called Office.initialize? Or is there a way for an iframe attacker to add my add-on on their page and somehow replace the Office SDK with a malicious version?
Office.initialize
, . , , . , , .
Source: https://habr.com/ru/post/1692414/More articles:iOS: server calls in the background often lead to timeouts - iosNoClassDefFoundError: JavacProcessingEnvironment at runtime after updating tomcat 8 - javaLaravel save () if the relation already exists - phpFargate with Docker make up links - dockerContainer binding in AWAR Fargate - amazon-web-servicesGit reload interactive blank identity - gitШаблоны проектов Xcode с схемами - iosПочему вводить концепцию для вывода типа спецификатора невозможно, если одно и то же ограничение должно выводить разные типы? - c++Splitting text into pieces (Javascript, regex) - javascriptHow to return an array as an API resource in laravel 5.5 - jsonAll Articles