Simon Willison’s Weblog

Items tagged clickjacking, javascript, security, iframe, ie8 in 2009

Filters: Year: 2009 × clickjacking × javascript × security × iframe × ie8 ×

Ehy IE8, I Can Has Some Clickjacking Protection? (via) IE8 has built-in protection against clickjacking, but it’s opt-in (with a custom HTTP header) and IE only. It turns out the usual defence against clickjacking (using framebusting JavaScript) doesn’t work in IE as it can be worked around with a security=“restricted” attribute on an iframe. # 29th January 2009, 1:39 pm