by tptacek 4817 days ago
Isn't that exactly the kind of framebuster Boneh says doesn't work?

I don't think so. What bypasses this one (besides the sandbox and XSS Auditor tricks)?
Read the paper I posted up thread.
Table 2: Frame busting conditional statement

We consider the following tricks:

document.write('')

setTimeout(function(){document.body.innerHTML='';},1);

window.self.onload = function(evt){document.body.innerHTML='';}

None of them was bypassed further in the paper. (I used Ctrl+F)

Double-checked http://seclab.stanford.edu/websec/framebusting/framebust.pdf: there are many parent-navigation bypasses in this paper, but nothing for innerHTML='' (not taking into account sandbox and XSS Auditor).
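
Added example, not part of the thread or of the paper's code: a small model of why the two exceptions named above (sandbox, XSS Auditor) matter for a defender. Both keep the framed page's script from running, so a framebuster that blanks the page fails open, while a hide-by-default variant fails closed. The page stand-in and every function name here are constructed for illustration.

```javascript
// Constructed stand-in for a loaded page, so the model runs without a browser.
// framed: the page is inside someone else's frame (top !== self).
// hiddenByDefault: a stylesheet sets display:none before any script runs.
function makePage(framed, hiddenByDefault) {
  const top = {};
  const self = framed ? {} : top;
  const document = {
    body: { innerHTML: '<form>sensitive action</form>' },
    documentElement: { style: { display: hiddenByDefault ? 'none' : 'block' } },
  };
  return { top, self, document };
}

// Fail-open defence: the page renders normally and the script blanks it
// when framed (the innerHTML='' trick discussed in the thread).
function blankIfFramed(page) {
  if (page.top !== page.self) page.document.body.innerHTML = '';
}

// Fail-closed defence: the page starts hidden and the script reveals it
// only when it is the top-level document.
function revealIfTop(page) {
  if (page.top === page.self) {
    page.document.documentElement.style.display = 'block';
  }
}

function contentVisible(page) {
  return page.document.documentElement.style.display !== 'none' &&
         page.document.body.innerHTML !== '';
}

// scriptsRun = false models the framing context suppressing the page's
// script (the sandbox / XSS Auditor cases the thread sets aside).
function load(framed, defence, scriptsRun) {
  const page = makePage(framed, defence === revealIfTop);
  if (scriptsRun) defence(page);
  return contentVisible(page);
}

const rows = [[true, true], [true, false], [false, true]];
for (const [framed, scriptsRun] of rows) {
  console.log({ framed, scriptsRun,
    blankIfFramed: load(framed, blankIfFramed, scriptsRun),
    revealIfTop: load(framed, revealIfTop, scriptsRun) });
}
```

The only row where the two defences differ is framed with scripts suppressed: the blanking framebuster leaves the content visible, the hide-by-default one does not.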