This was an incomplete attempt at a drag-and-drop UXSS technique. The idea was to trick a user into dragging selected text from a cross-origin IFrame into an attacker-controlled drop target, leaking the selected content. The approach involved overlaying a transparent IFrame over fake UI elements and monitoring mouse movement to detect when the user initiated a drag.

```javascript
// Semi-transparent IFrame positioned over fake "Terms of Service"
// The user scrolls to the bottom and clicks "I ACCEPT"
// Meanwhile, their drag gesture is captured
var wMouseDown = false;
var stage = 0;
setInterval('eventReceiver.fireEvent("onkeydown")', 10);
document.onmousedown = function() { wMouseDown = true; };
document.onmouseup = function() { wMouseDown = false; };
// When mouse moves down while pressed inside the IFrame,
// reposition the IFrame to align text with the drop zone
```

The technique was never completed to a reliable proof of concept. The mouse tracking via setInterval and synthetic key events was fragile, and the geometry of the overlay had to be precisely calibrated for each target page. It is noted here for completeness, as the underlying idea — that drag-and-drop could be used to exfiltrate cross-origin text selections — was a real concern that browser vendors later addressed.
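
The overlay only works if the target page agrees to render inside another origin's IFrame. Independently of the browser-side fixes, a site can remove that precondition with framing headers; the following is an added example (not code from the original research) that audits a response's headers for them. The function names and the sample header sets in the test are constructed for illustration.

```javascript
// Added example: decides whether response headers allow some other origin
// to frame the page. Input is a plain object of header name -> value.

// Returns the frame-ancestors source list of one CSP policy, or null if absent.
function frameAncestors(csp) {
  for (const directive of csp.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') {
      return sources.map(s => s.toLowerCase());
    }
  }
  return null;
}

function crossOriginFraming(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // One header value may carry several comma-separated policies;
  // framing must be allowed by every one of them.
  const policies = (h['content-security-policy'] || '')
    .split(',').map(frameAncestors).filter(p => p !== null);
  if (policies.length > 0) {
    // When frame-ancestors is present, X-Frame-Options is ignored.
    // An empty list, 'none' or 'self' alone admits no other origin.
    const blocked = policies.some(src =>
      src.every(s => s === "'none'" || s === "'self'"));
    return blocked
      ? { frameable: false, reason: 'csp frame-ancestors' }
      : { frameable: true, reason: 'csp frame-ancestors lists other origins' };
  }

  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY' || xfo === 'SAMEORIGIN') {
    return { frameable: false, reason: 'x-frame-options ' + xfo };
  }
  // ALLOW-FROM is obsolete and not enforced by current browsers,
  // and a misspelled value is ignored, so both count as unprotected.
  return {
    frameable: true,
    reason: xfo ? 'x-frame-options value not enforced' : 'no framing policy',
  };
}
```
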
Found during my years at Microsoft (2006–2014). These bugs were patched long ago — shared here as a historical record for learning purposes.