
[whatwg] Dealing with UI redress vulnerabilities inherent to the current web

From: Giorgio Maone <g.maone@informaction.com>
Date: Wed, 18 Feb 2009 21:38:43 +0100
Message-ID: <499C71D3.9040904@informaction.com>
Bil Corry wrote, On 18/02/2009 21.31:
> Boris Zbarsky wrote on 2/18/2009 9:27 AM: 
>   
>> And really no different from:
>>
>>   <script>
>>     if (window != window.top)
>>       window.top.location.href = window.location.href;
>>   </script>
>>
>> in effect, right?  This last already works in all browsers except IE,
>> which is presumably why IE felt the need to add another way to do it.
>>     
>
> Supposedly, a future release of IE8 will fix this (see Issue #4):
>
> 	http://ha.ckers.org/blog/20081007/clickjacking-details/
>   
I doubt we'll see a "fix" for <iframe security=restricted> ;)
-- G
Received on Wednesday, 18 February 2009 12:38:43 UTC
