Bil Corry wrote, On 18/02/2009 21.31:
Boris Zbarsky wrote on 2/18/2009 9:27 AM:
And really no different from:
<script>
if (window != window.top)
window.top.location.href = window.location.href;
</script>
in effect, right? This last already works in all browsers except IE,
which is presumably why IE felt the need to add another way to do it.
Supposedly, a future release of IE8 will fix this (see Issue #4):
http://ha.ckers.org/blog/20081007/clickjacking-details/
I doubt we'll see a "fix" for <iframe security=restricted> ;)
-- G