How to prevent Clickjacking

Validation through JavaScript

One of the first protection methods was to place the following JavaScript on the website. It detects that the window is inside an iframe and immediately navigates the top-level window to the page itself.

if (top != window) {
    top.location = window.location;
}

There are several ways to circumvent this protection. One of them is the sandbox attribute of the iframe tag, which restricts what the framed page may do, including the execution of JavaScript. To circumvent the protection, it is sufficient not to specify allow-top-navigation in the value of the sandbox attribute: the framed page is then not allowed to change top.location, so the script above has no effect.

<iframe sandbox="allow-scripts allow-forms" src="twitter.html"></iframe>
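
A fail-closed variant of the check above, added here as an example and not part of the original course material: the page stays hidden unless the script confirms it is the top-level window, so a sandboxed frame that blocks the navigation or disables scripts shows nothing to click. The antiClickjack id, the guardAgainstFraming and simulate names, and the example URLs are assumptions.

```javascript
// Added example: fail-closed version of the frame-busting check.
// Assumption: the protected page ships this element in <head>, so the body is
// hidden before any script runs and stays hidden if a sandbox disables scripts:
//   <style id="antiClickjack">body { display: none !important; }</style>
const HIDE_STYLE_ID = 'antiClickjack'; // hypothetical id chosen for this example

function guardAgainstFraming(win, doc) {
  if (win.top === win.self) {
    // Not framed: remove the hiding rule and show the page.
    const style = doc.getElementById(HIDE_STYLE_ID);
    if (style && style.parentNode) style.parentNode.removeChild(style);
    return 'revealed';
  }
  // Framed: attempt the original bust, but never reveal the content here.
  try {
    win.top.location = win.self.location;
    return 'bust-attempted';
  } catch (err) {
    // A sandbox without allow-top-navigation refuses the navigation.
    return 'bust-blocked-still-hidden';
  }
}

// Constructed stand-ins for window/document so the logic can be run in Node.
function simulate(kind) {
  const doc = { hidden: true };
  const style = { parentNode: { removeChild() { doc.hidden = false; } } };
  doc.getElementById = (id) => (id === HIDE_STYLE_ID ? style : null);
  const win = { location: 'https://site.example/' };
  win.self = win;
  if (kind === 'top-level') {
    win.top = win;
  } else if (kind === 'framed') {
    win.top = { location: 'https://framer.example/' };
  } else { // 'framed-sandboxed': setting top.location is refused
    win.top = Object.defineProperty({}, 'location', {
      set() { throw new Error('SecurityError (constructed)'); },
    });
  }
  return { result: guardAgainstFraming(win, doc), hidden: doc.hidden, top: win.top };
}

if (typeof window !== 'undefined' && typeof document !== 'undefined') {
  guardAgainstFraming(window, document); // real use in the browser
}
```

Script-based checks like this are a fallback; the framing policy itself is normally enforced by the server with the X-Frame-Options or Content-Security-Policy frame-ancestors response headers.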
