Simon Willison’s Weblog

Subscribe
Atom feed for joey-tyson

1 item tagged “joey-tyson”

2010

Facebook Adds Code for Clickjacking Prevention. Clever technique: Facebook pages check to see if they are being framed (using window.top) and, if they are, add a div covering the whole page which causes a top level reload should anything be clicked on. They also log framing attempts using an image bug.

# 13th March 2010, 10:42 am / clickjacking, facebook, framing, joey-tyson, phishing, security