Reputation: 1042
I need to add a JavaScript-based framebuster for my web application that helps prevent clickjacking (or Cross Frame Scripting) attacks for legacy browsers that don't support X-FRAME-OPTIONS.
After searching the internet, I found that currently there seem to be two approaches, shown below. Being a complete newbie at JavaScript, I prefer approach 1 for its simplicity.
My question is - are both approaches still valid at this time or is any of them already "busted"?
EDIT: changed my question to ask about both approaches instead of just approach 1.
Approach 1 (from http://en.wikipedia.org/wiki/Framekiller#Modern_framekiller):
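    if (self == top) {
        // Not framed: reveal the page (assumes CSS hid it beforehand).
        document.documentElement.style.display = 'block';
    } else {
        // Framed: navigate the top-level window to this page.
        top.location = self.location;
    }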
Approach 2 (from https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet#Best-for-now_Legacy_Browser_Frame_Breaking_Script):
    <style id="antiClickjack">body{display:none !important;}</style>
    <script type="text/javascript">
        if (self === top) {
            // Not framed: remove the style that hides the body.
            var antiClickjack = document.getElementById("antiClickjack");
            antiClickjack.parentNode.removeChild(antiClickjack);
        } else {
            // Framed: navigate the top-level window to this page.
            top.location = self.location;
        }
    </script>
Many thanks.
Upvotes: 4
Views: 2022
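
An added example, not part of the original post: it models Approach 2 with constructed stand-ins for `window` and `document` to show that the body stays hidden whenever the frame check cannot complete. The names `makeDoc`, `makeWin`, `frameGuard` and `scenario`, the sample URL and the `try`/`catch` are assumptions of this sketch.

```javascript
// Constructed stand-in for document: `hidden` is true while the
// <style id="antiClickjack"> element (body{display:none}) is still present.
function makeDoc() {
  const doc = { hidden: true };
  const style = { parentNode: { removeChild() { doc.hidden = false; } } };
  doc.getElementById = (id) => (id === 'antiClickjack' ? style : null);
  return doc;
}

// Constructed stand-in for window. `framed` nests it under a parent;
// `navBlocked` models a parent whose location cannot be changed.
function makeWin({ framed, navBlocked = false }) {
  const win = { location: 'https://app.example/page' };
  win.self = win;
  if (!framed) { win.top = win; return win; }
  const top = { navigatedTo: null };
  Object.defineProperty(top, 'location', {
    set(url) {
      if (navBlocked) throw new Error('navigation blocked');
      top.navigatedTo = url;
    },
  });
  win.top = top;
  return win;
}

// Approach 2's branches with globals passed in; try/catch added to report a blocked navigation.
function frameGuard(win, doc) {
  if (win.self === win.top) {
    const antiClickjack = doc.getElementById('antiClickjack');
    antiClickjack.parentNode.removeChild(antiClickjack);
    return 'shown';
  }
  try {
    win.top.location = win.self.location;
    return 'busting';
  } catch (e) {
    return 'blocked';
  }
}

// Runs one scenario; `scriptRuns: false` models the script never executing.
function scenario(opts) {
  const win = makeWin(opts);
  const doc = makeDoc();
  const outcome = opts.scriptRuns === false ? 'no-script' : frameGuard(win, doc);
  return { outcome, hidden: doc.hidden, navigatedTo: win.top.navigatedTo ?? null };
}
console.log(scenario({ framed: true, navBlocked: true }));
```

Only the unframed case removes the hiding style; every other path leaves the body at `display:none`.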