W3C home > Mailing lists > Public > whatwg@whatwg.org > February 2009

[whatwg] Clickjacking and CSRF

From: Giorgio Maone <g.maone@informaction.com>
Date: Fri, 20 Feb 2009 16:00:09 +0100
Message-ID: <499EC579.3040804@informaction.com>
Sigbj?rn Vik wrote, On 20/02/2009 15.46:
> There is currently little protection against clickjacking, the 
> x-frame-options is the first attempt.
Nope, it's the second and weakest:
http://hackademix.net/2008/10/08/hello-clearclick-goodbye-clickjacking/
http://noscript.net/faq#clearclick
--
Giorgio Maone
http://hackademix.net
Received on Friday, 20 February 2009 07:00:09 UTC

This archive was generated by hypermail 2.3.1 : Monday, 13 April 2015 23:08:47 UTC