Btw, X-FRAME-OPTIONS is only needed for Webkit.. IE's filter is compatible with the aforementoned solution. -- Eduardo http://www.sirdarckcat.net/ Sent from Hangzhou, 33, China On Tue, Dec 8, 2009 at 2:10 PM, sird@rckc.at <sird@rckc.at> wrote: > So now we should convince all developers in the world to start changing > their layout to that haha.. > > Nah I'm kidding.. this code + X-FRAME-OPTIONS should protect people against > clickjacking: > > <html> > <head> > <script type="text/javascript">if(top!=self)document.write("<plaintext > style=display:none>");</script> > <noscript><plaintext style=display:none/></noscript> > > Greetings!! > > -- Eduardo > http://www.sirdarckcat.net/ > > Sent from Hangzhou, 33, China > > On Tue, Dec 8, 2009 at 2:07 PM, Adam Barth <w3c@adambarth.com> wrote: > >> On Mon, Dec 7, 2009 at 9:23 PM, sird@rckc.at <sird@rckc.at> wrote: >> > Adam, the Webkit XSS Filter can disable twitter's protection: >> >> Oh, I thought they were doing something more clever. >> >> > So actually... in my opinion, the correct way is this one: (idea by >> david >> > ross) >> > >> > http://sla.ckers.org/forum/read.php?2,32339#msg-32343 >> >> Ah, that's cute. David Ross is a smart guy. >> >> Adam >> > >Received on Tuesday, 8 December 2009 06:14:08 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Sunday, 19 December 2010 00:16:01 GMT