[homakov]

I don't think so, what bypasses this one? (besides sandbox and XSS Auditor trick)

[tptacek]

Read the paper I posted up thread.

[homakov]

Table 2: Frame busting conditional statement

we consider following tricks:

document.write('')

setTimeout(function(){document.body.innerHTML='';},1);

window.self.onload = function(evt){document.body.innerHTML='';}

None of them was bypassed further in the paper. (I used Ctrl+F)

[homakov]

double checked http://seclab.stanford.edu/websec/framebusting/framebust.pdf there are many parent-navigation bypasses in this paper but nothing for innerHTML='' (not taking into account sandbox and xss auditor)