https://stackoverflow.com/questions/22265326
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianUse the X-Frame-Options and set it to DENY or SAMEORIGIN. DENY will completely deny anybody from framing the page in an iframe and SAMEORIGIN will only allow the same origin to display the page in an iframe. See https://coderwall.com/p/kdv1hw for more information.
How can I disable someone from loading a page in an iframe and using javascript to submit?
-
11-06-2023 - |
Pergunta
Title says it all.
Imagine this:
<!DOCTYPE html>
<html>
<head>
</head>
<body>
<iframe style="display:none" name="xxx"></iframe>
<form method='POST' action='http://MYPAGE.com/account/' target="xxx" id="xxx">
<input type='hidden' name='xxxxxxx' value='yyyyyyyy'>
<input type='submit' value='submit'>
</form>
<script>document.getElementById("xxx").submit()</script>
</body>
How can I disable an attack like that?
Solução
Licenciado em: CC-BY-SA com atribuição
Não afiliado a StackOverflow
