From: https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet

In the document HEAD element, add the following:

First apply an ID to the style element itself:

<style id="antiClickjack">body{display:none !important;}</style>

And then delete that style by its ID immediately after in the script:

<script type="text/javascript">
   if (self === top) {
       var antiClickjack = document.getElementById("antiClickjack");
       antiClickjack.parentNode.removeChild(antiClickjack);
   } else {
       top.location = self.location;
   }
</script>

Comments

  • deekayen committed b066189 on 7.x-2.x 
    Issue #2306027 by deekayen: Try frame breaking code recommended by OWASP...
deekayen’s picture

deekayen commented
Version: 7.x-1.0 » 6.x-1.0
Status: Active » Patch (to be ported)

  • deekayen committed 4caad1d on 6.x-2.x 
    Issue #2306027 by deekayen: Try frame breaking code recommended by OWASP...
deekayen’s picture

deekayen commented
Status: Patch (to be ported) » Fixed

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.