Full Disclosure mailing list archives
Re: Clickjacking (?) on Facebook.com (Question)
From: Michal Zalewski <lcamtuf () coredump cx>
Date: Thu, 12 Dec 2013 17:11:59 -0800
But I wouldn't consider it a failing on part of the targeted website - you'd need to put essentially everything behind XFO to fix this problem on application level, which is not feasible for a good number of websites (including FB, because they have a variety of gadgets that are meant to be framed).Or use JS to make it impossible to select text or so.
Doesn't work for non-HTML content, such as JSON responses, images, etc :-) /mz _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Clickjacking (?) on Facebook.com (Question) Stefan Schurtz (Dec 11)
- Re: Clickjacking (?) on Facebook.com (Question) Jann Horn (Dec 12)
- Re: Clickjacking (?) on Facebook.com (Question) Stefan Schurtz (Dec 12)
- Re: Clickjacking (?) on Facebook.com (Question) Nahuel GrisolĂa (Dec 13)
- Re: Clickjacking (?) on Facebook.com (Question) Stefan Schurtz (Dec 12)
- Re: Clickjacking (?) on Facebook.com (Question) Michal Zalewski (Dec 12)
- Re: Clickjacking (?) on Facebook.com (Question) Jann Horn (Dec 12)
- Re: Clickjacking (?) on Facebook.com (Question) Michal Zalewski (Dec 12)
- Re: Clickjacking (?) on Facebook.com (Question) Jann Horn (Dec 12)
- Re: Clickjacking (?) on Facebook.com (Question) Michal Zalewski (Dec 12)
- Re: Clickjacking (?) on Facebook.com (Question) Jann Horn (Dec 12)
- Re: Clickjacking (?) on Facebook.com (Question) Michal Zalewski (Dec 12)
- Re: Clickjacking (?) on Facebook.com (Question) Jann Horn (Dec 12)
- Re: Clickjacking (?) on Facebook.com (Question) Jann Horn (Dec 12)
- Re: Clickjacking (?) on Facebook.com (Question) Jann Horn (Dec 12)