Simon Willison’s Weblog

Items tagged clickjacking, javascript, security, iframe in Jan, 2009

Filters: Year: 2009 × Month: Jan × clickjacking × javascript × security × iframe ×

Ehy IE8, I Can Has Some Clickjacking Protection? (via) IE8 has built-in protection against clickjacking, but it’s opt-in (with a custom HTTP header) and IE only. It turns out the usual defence against clickjacking (using framebusting JavaScript) doesn’t work in IE as it can be worked around with a security=“restricted” attribute on an iframe. # 29th January 2009, 1:39 pm