How do you use your JavaScript framework to prevent clickjacking?

Question

How do you use your JavaScript framework to prevent clickjacking?

I have been using a custom function for some time to prevent click on some sites. However, I was surprised to see there is not so much how to do it “idiomatically” using various popular JavaScript frameworks.

Are there any jQuery, Dojo, YUI, and / or ExtJS users who used their infrastructure to implement click protection? I would like to see examples!

+4

javascript security

TML May 04, '09 at 18:51

source share

2 answers

It's not so easy. The top frame may prevent the page from loading. I would use the following code to get around it:

 if (window.top !== window.self) { window.top.location.replace(window.self.location.href); alert('For security reasons, frames are not allowed.'); setInterval(function(){document.body.innerHTML='';},1); }

It uses alert () to give the browser loading time for a new page. And this leaves no elements that can be clicked if all else fails.

See full problem description: frame-buster-buster-buster-code-needed

+2

Ivo Danihelka Nov 10 '09 at 19:46

source share

Pim jager · Accepted Answer · 2009-05-04T18:57:15+0000

Why use a library? You could just do:

var all = document.getElementsByTagName('iframe'), l = all.length; while (l--) all[l].parentNode.removeChild(all[l]);

But if you really feel that you need a library. In jquery this is pretty simple, just find all iframes and delete them.

 $(document).ready( function() { $('iframe').remove(); });

How do you use your JavaScript framework to prevent clickjacking?

More articles: