After a long discussion about methods of Clickjacking prevention, I've released SafeClick for testing and review. It is a module for the Drupal CMS which implements several such techniques.
The first is an implementation of the X-Frame-Options HTTP header.
The second is a JavaScript + CSS + <NoScript> hack, pointed out to me by sirdarckcat - thanks to him!
The third is special CSS, which can be useful if a website allows users to post frames within their content. It overrides the opacity and z-index properties of HTML elements, which are used for Clickjacking attacks.
The module is currently being reviewed by the Drupal community. Everyone is welcome to test and hack it!
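The three layers listed above can be sketched as follows. This is an added example, not SafeClick's code: `framingAllowed`, `frameGuard`, `HEAD_SNIPPET`, `USER_FRAME_CSS` and the `.user-content` class are hypothetical names, and the <NoScript> part is left out because the post does not describe it.

```javascript
// Added illustration of the three layers; not SafeClick's source. All names are hypothetical.

// Layer 1: response header. SAMEORIGIN still lets the site frame its own pages.
const XFO_HEADER = ['X-Frame-Options', 'SAMEORIGIN'];

// How a supporting browser applies the header (simplified to a single parent frame).
function framingAllowed(value, pageOrigin, parentOrigin) {
  const v = String(value || '').trim().toUpperCase();
  if (v === 'DENY') return false;
  if (v === 'SAMEORIGIN') return pageOrigin === parentOrigin;
  return true; // absent or unrecognised value: this layer gives no protection
}

// Layer 2: the page ships hidden by CSS; this guard reveals it only in a
// top-level window. `win` and `doc` are the browser's window and document.
function frameGuard(win, doc) {
  if (win.top === win.self) {
    doc.documentElement.style.display = 'block';
    return 'revealed';
  }
  // Framed: navigate the top window to this page; the content stays hidden.
  win.top.location = win.self.location.href;
  return 'framed';
}

// Markup for <head>: hide first, then let the guard decide.
const HEAD_SNIPPET = [
  '<style>html { display: none; }</style>',
  '<script>(' + frameGuard.toString() + ')(window, document);</script>',
].join('\n');

// Layer 3: CSS applied to user-submitted content, so a posted frame cannot be
// made transparent or given an explicit stacking order above site controls.
const USER_FRAME_CSS = `
.user-content iframe,
.user-content frame,
.user-content object,
.user-content embed {
  opacity: 1 !important;
  z-index: auto !important;
}`;
```

The header protects only in browsers that support it, which is why the script and CSS layers are kept alongside it.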