November 16, 2005
Defeating Frame Busting Techniques
(designed for Internet
Explorer and Opera only)
How it works
- Attacker creates an iframe tag pointing to a victim
site, setting Microsoft's security=restricted property on the
code inside the iframe to execute, because the frame is now in the
- If the iframe location is on the same domain, the attacker
by attaching event handlers from the outside (unrestricted)
window. This allows the outer window to get around the restriction
that hyperlinks in a restricted iframe are supposed to
open in a new window.
- The browser's back and forward buttons can still
be used to navigate the restricted frame.
- Doesn't work in Mozilla browsers.
data in the restricted iframe is not visible to the attacker if
its location is on a different domain.
- If attackers can launch a Cross-Site Scripting (XSS) attack
on a site, they could get approximately the same effect through alternative
routes, for example using XMLHttpRequests and manipulating the