[wp-trac] [WordPress Trac] #12293: Frame Busting in the Admin
WordPress Trac
wp-trac at lists.automattic.com
Fri Feb 19 21:04:55 UTC 2010
#12293: Frame Busting in the Admin
--------------------------+-------------------------------------------------
Reporter: ryan | Owner: ryan
Type: defect (bug) | Status: new
Priority: normal | Milestone: 3.0
Component: Security | Version:
Severity: normal | Keywords:
--------------------------+-------------------------------------------------
Description changed by ryan:
Old description:
> We discussed this before when Twitter was suffering from the iframe
> clickjacking attacks. Such attacks are much harder to do on individual WP
> sites than on big sites like Twitter and wp.com. They are still possible
> though, so we should consider integrating frame busting. The problem is
> that frame busting does break some plugins. Plugins would need API to
> turn of frame busting for their pages and would have to update to use
> that API.
New description:
We discussed this before when Twitter was suffering from the iframe
clickjacking attacks. Such attacks are harder and less tempting to do on
individual WP sites than on big sites like Twitter and wp.com. They are
still possible though, so we should consider integrating frame busting.
The problem is that frame busting does break some plugins. Plugins would
need API to turn of frame busting for their pages and would have to update
to use that API.
--
--
Ticket URL: <http://core.trac.wordpress.org/ticket/12293#comment:1>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list