[whatwg] Clickjacking and CSRF
sigbjorn at opera.com
Fri Feb 20 07:22:39 PST 2009
On Fri, 20 Feb 2009 16:00:09 +0100, Giorgio Maone <g.maone at informaction.com> wrote:
> Sigbjørn Vik wrote, On 20/02/2009 15.46:
>> There is currently little protection against clickjacking, the
>> x-frame-options is the first attempt.
> Nope, it's the second and weakest:
I stand corrected. I was thinking too narrow-mindedly, from a browser vendor perspective. Frame busting is another existing alternative.
More information about the whatwg