Y
Hacker News
new
|
ask
|
show
|
jobs
by
jffry
4700 days ago
Would X-Frame-Options:DENY work to mitigate the view-source: attack?
1 comments
jffry
4700 days ago
Just threw together a test case. X-Frame-Options does seem to mitigate the view-source attack:
http://jsfiddle.net/GEynT/2/embedded/result/
link
joshfraser
4700 days ago
To be clear, the hack is still possible without view-source. It just makes it easier and more generic of a solution.
link