How to implement a frame buster?


Question

I'm searching for a guide that describes how to implement a working frame buster that also deals with people that don't have JS activated in their browser.

I read this very good question but I'm absolutely not interested in any advice like "don't do that yourself" or "maybe try...". I want to see a paper, with a step to step guide explaining every "why" (without maybe's and without guesses). Academic papers preferred.

Can anyone post the link to the de-facto holy-grail paper of doing that?

Thanks

Recommended answer

To be honest I think what you are describing is impossible. Correct me if I am wrong but this seems like a violation of the same origin policy. This is the "de-facto Holy-Grail" paper of what browsers are allowed to do: http://code.google.com/p/browsersec/wiki/Main Make sure to read section 2.

* ClickJacking is an attack that bypasses aspects of the same origin policy in un-patched web browsers. Trying to prevent all attacks that can come from unpatched browsers is a massive undertaking, especially considering that person is most likely already hacked and a part of a BotNet. If you are really concerned about vulnerable web browsers I recommend blocking IE6 and below.
