WordPress.org

Make WordPress Core

Opened 4 years ago

Last modified 2 years ago

#12293 closed defect (bug)

Frame Busting in the Admin — at Version 1

Reported by: ryan Owned by: ryan
Milestone: 3.1 Priority: normal
Severity: normal Version:
Component: Security Keywords:
Focuses: Cc:

Description (last modified by ryan)

We discussed this before when Twitter was suffering from the iframe clickjacking attacks. Such attacks are harder and less tempting to do on individual WP sites than on big sites like Twitter and wp.com. They are still possible though, so we should consider integrating frame busting. The problem is that frame busting does break some plugins. Plugins would need API to turn of frame busting for their pages and would have to update to use that API.

Change History (1)

comment:1 ryan4 years ago

  • Description modified (diff)
Note: See TracTickets for help on using tickets.