Clickjacking
Medium
Vulnerability Details
Steps to reproduce:
Create an index.html file with the following content:
```
<iframe sandbox="allow-scripts allow-forms" src="https://go.pushwoosh.com/register" width="1000" height="600"></iframe>
```
Open index.html in a browser.
Actual result: Pushwoosh is displayed in the iframe.
Expected result: the page does not allow clickjacking.
Root cause:
```
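// Client-side frame detection: true when this window is not the top-level
// window, or when comparing against window.top throws.
var isInIFrame = (function () {
  try {
    return window.self !== window.top;
  } catch (e) {
    return true;
  }
})();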
```
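Added example (not part of the original report, and not Pushwoosh's code): a script-based check like the one above runs inside the framed page, whereas `X-Frame-Options` and CSP `frame-ancestors` are enforced by the browser before the page renders. The function below classifies a response's anti-framing headers; the function names and sample header sets are constructed for illustration.

```javascript
// Classify the anti-framing policy a response declares.
// Returns "deny", "same-origin", "allowlist" or "unprotected".
function framingPolicy(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // CSP frame-ancestors replaces X-Frame-Options in browsers that support it.
  // Simplification: only the first frame-ancestors directive found is used.
  const csp = h["content-security-policy"] || "";
  for (const policy of csp.split(",")) {
    for (const directive of policy.split(";")) {
      const [name, ...sources] = directive.trim().split(/\s+/);
      if (name.toLowerCase() !== "frame-ancestors") continue;
      const src = sources.map(s => s.toLowerCase());
      if (src.every(s => s === "'none'")) return "deny"; // also the empty list
      if (src.includes("*")) return "unprotected";
      if (src.every(s => s === "'self'")) return "same-origin";
      return "allowlist";
    }
  }

  // Fall back to X-Frame-Options. ALLOW-FROM is obsolete and unknown values
  // give no protection. Conflicting multi-value headers are not modelled.
  const xfo = (h["x-frame-options"] || "")
    .split(",").map(s => s.trim().toLowerCase()).filter(Boolean);
  if (xfo.includes("deny")) return "deny";
  if (xfo.includes("sameorigin")) return "same-origin";
  return "unprotected";
}

// True when any origin may embed the page, which is the clickjacking precondition.
function framableByAnyOrigin(headers) {
  return framingPolicy(headers) === "unprotected";
}

// Constructed sample responses (not captured from any real site).
const SAMPLES = {
  noHeaders: {},
  xfoSameOrigin: { "X-Frame-Options": "SAMEORIGIN" },
  cspNone: { "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'" },
  obsoleteAllowFrom: { "X-Frame-Options": "ALLOW-FROM https://example.com" },
  cspWildcardOverXfo: { "Content-Security-Policy": "frame-ancestors *", "X-Frame-Options": "DENY" },
};

for (const [name, headers] of Object.entries(SAMPLES)) {
  console.log(name.padEnd(20), framingPolicy(headers));
}
```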
Report Stats
- Report ID: 200419
- State: Closed
- Substate: resolved
- Upvotes: 7