[whatwg] Dealing with UI redress vulnerabilities inherent to the current web
Giorgio Maone
g.maone at informaction.com
Wed Feb 18 12:38:43 PST 2009
Bil Corry wrote, On 18/02/2009 21.31:
> Boris Zbarsky wrote on 2/18/2009 9:27 AM:
>
>> And really no different from:
>>
>> <script>
>> if (window != window.top)
>> window.top.location.href = window.location.href;
>> </script>
>>
>> in effect, right? This last already works in all browsers except IE,
>> which is presumably why IE felt the need to add another way to do it.
>>
>
> Supposedly, a future release of IE8 will fix this (see Issue #4):
>
> http://ha.ckers.org/blog/20081007/clickjacking-details/
>
I doubt we'll see a "fix" for <iframe security=restricted> ;)
-- G
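
Added example, not part of the original thread or any poster's code: the quoted frame-busting check only protects a page if the script actually runs, and a frame that disables script (as `<iframe security=restricted>` does in IE) never executes it. A fail-closed variant keeps the page hidden by default and reveals it only after the check passes; `frameGuard` and the `antiClickjack` style id are names assumed for this example.

```javascript
// Assumed markup in the protected page's <head> (hypothetical id):
//   <style id="antiClickjack">body { display: none !important; }</style>
// If script is disabled inside the frame, the style stays in place and the
// page renders blank, so there is nothing visible to overlay or click on.

function frameGuard(win, doc) {
  let framed;
  try {
    // Same test as the quoted snippet, written against self instead of window.
    framed = win.top !== win.self;
  } catch (e) {
    // Any error while inspecting the top window is treated as "framed".
    framed = true;
  }

  if (!framed) {
    // Top-level document: remove the hiding style so the page is shown.
    const style = doc.getElementById('antiClickjack');
    if (style && style.parentNode) {
      style.parentNode.removeChild(style);
    }
    return 'revealed';
  }

  try {
    // Framed: attempt the classic bust-out navigation.
    win.top.location = win.self.location.href;
    return 'busting';
  } catch (e) {
    // Navigation was blocked by the embedder: stay hidden (fail closed).
    return 'hidden';
  }
}

// Run only when a browser environment is present.
if (typeof window !== 'undefined' && typeof document !== 'undefined') {
  frameGuard(window, document);
}
```
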