Busting, and Fixing, Frame Busting

← Back to Stories (view on slashdot.org)

Busting, and Fixing, Frame Busting

Posted by kdawson on Tuesday May 25, 2010 @06:55AM from the don't-frame-me-bro dept.

An anonymous reader writes "A study presented last week at the IEEE Web Security and Privacy workshop shows that frame busting code used at popular websites is easily circumvented. Frame busting is a widely used technique to prevent clickjacking attacks. The researchers propose better frame busting code and suggest that websites migrate to this new code."

3 of 111 comments (clear)

Min score:

Reason:

Sort:

Better Yet by Monkeedude1212 · 2010-05-25 07:03 · Score: 5, Insightful

Remove Frames altogether. I honestly can't think of a time where a frame has made anything on the web easier save for Kingdom of Loathing.
Even the Google Image searches - its annoying that I have to click on the image and then click on another one to get linked to the full size image. Why not just make the image go straight to the image link, and put a URL under the image that goes to the page its hosted on. No more frames, and less hassle.
Frames constantly break websites, cause vulnerabilities, and have been a nuisance since the 90's.
Anybody here have anything to say in the defense of frames?
1. Re:Better Yet by Yvan256 · 2010-05-25 07:08 · Score: 5, Funny
  
  Anybody here have anything to say in the defense of frames?
  They're great for holding paintings?
Same Origin Policy by tepples · 2010-05-25 07:17 · Score: 4, Informative

Agreed, frames are the scourge of the web, obliterate them from the universe immediately.
Whereas a DIV that floats annoyingly around your page with content loaded from an external source is perfectly okay, because it's ... ? In the HTML spec ?
Unlike frames, the XMLHttpRequest to get the content into the DIV is restricted by the Same Origin Policy.