
Simon Willison’s Weblog

The Dangers of Clickjacking with Facebook. theharmonyguy compiled a list of actions that can be triggered on Facebook by a single click, and hence are vulnerable to clickjacking attacks. The list includes authorising malicious applications, posting links to profiles, sending friend requests and sending messages to other users. Why don’t Facebook include frame busting JavaScript on every page?
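A sketch of the frame-busting JavaScript the post asks about, written so that it fails closed. This is an added example, not code from the post, from theharmonyguy or from Facebook; the function names `isFramed` and `protectPage` and the `antiClickjack` style element id are assumptions made for illustration.

```javascript
// Added example: frame-busting that keeps the page hidden unless it is
// the top-level document. `win` and `doc` are parameters so the logic
// runs against the real window/document or against stubs.

// True when this page is rendered inside another page's frame.
function isFramed(win) {
  try {
    return win.top !== win.self;
  } catch (e) {
    // If the properties cannot even be read, treat the page as framed.
    return true;
  }
}

// Assumes the page ships with
//   <style id="antiClickjack">body { display: none !important; }</style>
// in <head>, so nothing is visible or clickable until this check passes.
function protectPage(win, doc) {
  if (!isFramed(win)) {
    // Top-level document: remove the guard style and show the page.
    const guard = doc.getElementById("antiClickjack");
    if (guard && guard.parentNode) {
      guard.parentNode.removeChild(guard);
    }
    return "revealed";
  }
  try {
    // Classic frame-bust: ask the top-level window to load this page.
    win.top.location = win.self.location.href;
  } catch (e) {
    // Navigation was refused; the guard style stays, so the page
    // remains hidden inside the frame.
  }
  return "hidden";
}

// Run immediately when loaded in a browser.
if (typeof window !== "undefined" && typeof document !== "undefined") {
  protectPage(window, document);
}
```

Hiding the page by default is what makes the check useful when the navigation attempt is blocked by the framing page. Browsers that support the `X-Frame-Options` response header can refuse the framing outright, independent of any script.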


2 comments

  1. It'd be pretty hypocritical, given their framing of the entire web.

    Also, it isn't clear that it's a winnable war:
    http://stackoverflow.com/questions/958997/frame-buster-buster-buster-code-needed

    Then again, maybe it's simple neglect.

    Jeremy Dunck - 23rd December 2009 14:09 - #

