
Simon Willison’s Weblog

The Dangers of Clickjacking with Facebook. theharmonyguy compiled a list of actions that can be triggered on Facebook by a single click, and hence are vulnerable to clickjacking attacks. The list includes authorising malicious applications, posting links to profiles, sending friend requests and sending messages to other users. Why don’t Facebook include frame busting JavaScript on every page?
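The frame-busting defence the post asks about, written out as an added example (this is not code from the original post, from theharmonyguy's list, or from Facebook). The check is modelled as pure functions over a window-like object with the fields `top`, `self` and `location`, plus a document object with a `body.style`, so the logic can be exercised outside a browser; in a real page you would call `applyFrameBusting(window, document)` from a script in the head. The hardened variant ships the body hidden and only reveals it once the page confirms it is top-level, so a parent that manages to block the redirect still gets nothing clickable.

```javascript
// Added example (not from the original post or from Facebook): frame-busting
// logic as testable functions over a window-like object.

// Classic framing test: the page is framed when window.top is not window.self.
// Reading win.top across origins can throw in some browsers, so any exception
// is treated as "framed" (fail closed).
function isFramed(win) {
  try {
    return win.top !== win.self;
  } catch (e) {
    return true;
  }
}

// Legacy frame buster: navigate the top-level window to our own URL.
// Returns true when a bust was attempted. A hostile parent can interfere
// with this navigation (the "buster buster" problem the comment links to),
// which is why the hardened variant below also keeps the content hidden.
function legacyFrameBust(win) {
  if (!isFramed(win)) return false;
  win.top.location = win.self.location;
  return true;
}

// Hardened variant: the page is served with its body hidden (a
// `body { display: none }` rule, modelled here by the initial display value).
// The body is revealed only when the page is confirmed to be top-level; if it
// is framed, the bust is attempted and the body stays hidden.
function applyFrameBusting(win, doc) {
  if (isFramed(win)) {
    legacyFrameBust(win);
    return "hidden";
  }
  doc.body.style.display = "block";
  return "visible";
}

// Constructed window/document stand-ins (not a real DOM) so the module runs
// with plain `node`. Hostnames are placeholders.
function makeWindow(framed) {
  const self = { location: "https://site.example/settings" };
  self.self = self;
  self.top = framed ? { location: "https://attacker.example/bait" } : self;
  return self;
}

function makeDocument() {
  return { body: { style: { display: "none" } } };
}

if (typeof module !== "undefined" && require.main === module) {
  const framedWin = makeWindow(true);
  const framedDoc = makeDocument();
  console.log(applyFrameBusting(framedWin, framedDoc), framedDoc.body.style.display);
  // prints: hidden none
  const topWin = makeWindow(false);
  const topDoc = makeDocument();
  console.log(applyFrameBusting(topWin, topDoc), topDoc.body.style.display);
  // prints: visible block
}
```

Script-based busting is a best-effort control, because it runs inside the frame the attacker controls. The browser-enforced mitigation is a response header: `X-Frame-Options: DENY` or `SAMEORIGIN` (and later the Content Security Policy `frame-ancestors` directive), which makes the browser refuse to render the page in a frame before any script runs. Pairing the header with the hidden-by-default body above covers browsers that ignore the header.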


1 comment

  1. It'd be pretty hypocritical, given their framing of the entire web.

    Also, it isn't clear that it's a winnable war:
    http://stackoverflow.com/questions/958997/frame-buster-buster-buster-code-needed

    Then again, maybe it's simple neglect.

    Jeremy Dunck - 23rd December 2009 14:09 - #

