On Fri, 20 Feb 2009 16:00:09 +0100, Giorgio Maone <g.ma...@informaction.com>
wrote:
Sigbjørn Vik wrote, On 20/02/2009 15.46:
There is currently little protection against clickjacking, the
x-frame-options is the first attempt.
Nope, it's the second and weakest:
http://hackademix.net/2008/10/08/hello-clearclick-goodbye-clickjacking/
http://noscript.net/faq#clearclick
I stand corrected. I was thinking too narrow-mindedly, from a browser vendor
perspective. Frame busting is another existing alternative.
--
Sigbjørn Vik
Quality Assurance
Opera Software
