InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

Using ClickJacking Correctly

https://forums.informaction.com/viewtopic.php?t=11130

Page 1 of 1

Using ClickJacking Correctly

Posted: Tue Dec 04, 2012 8:17 am
by asloane
If I untick any of the options in the NoScript ClickJacking panel which is displayed during a ClickJack, will the sites involved be permanently whitelisted or is the allowance only temporary?

If a site was allow to ClickJack would it appear in the NoScript Whitelist?

I can only find one Whitelist, which I assumed was for generally allowing javascript and not for ClickJacking. Please correct me if wrong.

Re: Using ClickJacking Correctly

Posted: Tue Dec 04, 2012 10:52 am
by Thrawn
What site is involved? If it's a false positive, then Giorgio will want to know, and if it can't be worked around by refining NoScript, then the site owner should be informed that their site design is bad.

You are correct, there is only a whitelist for javascript. Clickjacking shouldn't need a whitelist, because it shouldn't happen on legitimate sites.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited