This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Talk:Clickjacking Defense Cheat Sheet
From OWASP
Revision as of 06:48, 22 June 2014 by Anant Shrivastava (talk | contribs)
Javascript based solution : are they good now
Considering the fact that people can disable javascript in framed page should we be recommending Javascript based solution for Clickjacking or we should all bet for just XFO.
I can understand this (javascript based solution) could be a good option when the site can't function without javascript enabled however any site which has script enabled just for this feature can again be victimized using iframe property like sandbox="allow-forms allow-scripts"
--Anant Shrivastava (talk) 01:48, 22 June 2014 (CDT)