This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Talk:Clickjacking Defense Cheat Sheet

From OWASP
Jump to: navigation, search

Javascript based solution : are they good now

Considering the fact that people can disable javascript in framed page should we be recommending Javascript based solution for Clickjacking or we should all bet for just XFO.

I can understand this (javascript based solution) could be a good option when the site can't function without javascript enabled however any site which has script enabled just for this feature can again be victimized using iframe property like sandbox="allow-forms allow-scripts"

--Anant Shrivastava (talk) 01:48, 22 June 2014 (CDT)