undefined | Better HN

0 pointsjffry12y ago0 comments

Just threw together a test case. X-Frame-Options does seem to mitigate the view-source attack: http://jsfiddle.net/GEynT/2/embedded/result/

0 comments

To be clear, the hack is still possible without view-source. It just makes it easier and more generic of a solution.

j / k navigate · click thread line to collapse

0 pointsjffry12y ago0 comments

Just threw together a test case. X-Frame-Options does seem to mitigate the view-source attack: http://jsfiddle.net/GEynT/2/embedded/result/

To be clear, the hack is still possible without view-source. It just makes it easier and more generic of a solution.

j / k navigate · click thread line to collapse