2017-04-26

Apr 26 In-Class Exercise.

Post your write-ups for the Apr 26 In-Class Exercise here.
Best, Chris

-- Apr 26 In-Class Exercise
CODE:
<!DOCTYPE html>
<html>
<head>
    <title>ICE 10 | April 26, 2017</title>
</head>
<body>
<iframe src="http://www.cs.sjsu.edu/faculty/pollett/174.1.17s/clickjack.html">
    <p>Your browser does not support iframes.</p>
</iframe>
</body>
</html>
Observation: iFrame content is empty.
 
Console: Refused to display 'http://www.cs.sjsu.edu/faculty/pollett/174.1.17s/clickjack.html' in a frame because it set 'X-Frame-Options' to 'sameorigin'. Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE
Explanation: The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame>, <iframe> or <object>. Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites. The added security is only provided if the user accessing the document is using a browser, Chrome in my case, supporting X-Frame-Options. If you specify the SAMEORIGIN directive, you can still use the page in a frame as long as the site including it in a frame is the same as the one serving the page.
(Edited: 2017-04-26)
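A simplified model of the check behind the console message quoted above, added here as an example; it is not part of any student's post or of the course's code. The function names (`originOf`, `mayFrame`, `demo`) and the parent page URLs are constructed for illustration, and only the immediate parent page is compared.

```javascript
// Added example: a simplified model of how a browser applies X-Frame-Options.
// It checks only the immediate parent page; parent URLs below are constructed samples.

const FRAMED_URL = 'http://www.cs.sjsu.edu/faculty/pollett/174.1.17s/clickjack.html';

// An origin is scheme + host + port. The path (directory) is not part of it.
function originOf(url) {
  return new URL(url).origin;
}

// Decide whether `framedUrl` may render in a frame on the page at `parentUrl`.
// `headers` holds the framed response's headers, keyed by lowercase name.
function mayFrame(parentUrl, framedUrl, headers) {
  const raw = headers['x-frame-options'];
  if (raw === undefined) {
    return { allowed: true, reason: 'no X-Frame-Options header sent' };
  }
  const value = raw.trim().toUpperCase(); // header values are case-insensitive
  if (value === 'DENY') {
    return { allowed: false, reason: 'DENY forbids all framing' };
  }
  if (value === 'SAMEORIGIN') {
    return originOf(parentUrl) === originOf(framedUrl)
      ? { allowed: true, reason: 'parent shares the origin of the framed page' }
      : { allowed: false, reason: 'parent origin differs from framed origin' };
  }
  // Assumption: any other value is treated as invalid and ignored.
  return { allowed: true, reason: 'unrecognised value ignored' };
}

// Constructed parent pages exercising the SAMEORIGIN rule.
function demo() {
  const h = { 'x-frame-options': 'sameorigin' };
  return {
    otherSite: mayFrame('http://localhost/ice10.html', FRAMED_URL, h),
    sameHostOtherDir: mayFrame('http://www.cs.sjsu.edu/some/other/dir/test.html', FRAMED_URL, h),
    sameHostHttps: mayFrame('https://www.cs.sjsu.edu/faculty/pollett/174.1.17s/test.html', FRAMED_URL, h),
    noHeader: mayFrame('http://localhost/ice10.html', FRAMED_URL, {}),
  };
}

console.log(demo());
```

The `sameHostOtherDir` case is allowed and the `sameHostHttps` case is blocked: the comparison is on scheme, host and port, never on the directory.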

-- Apr 26 In-Class Exercise
 Mykhailo Behei
 <!DOCTYPE html>
 <html>
 <head>
 	<title>April 26, 2017 in-class exercise</title>
 </head>
 <body>
 
 
 <iframe src="http://www.cs.sjsu.edu/faculty/pollett/174.1.17s/clickjack.html" style="border: none">
 	<p>Your browser does not support iframes </p>
 </iframe>
 </body>
 </html>
Outcome: h1 and button did not show up, iframe is empty. The reason is that if the iframe is not pointing to the page within the same directory, it will be blocked to avoid clickjacking. I tested this by creating an .html page within my working directory and putting the h1 tag and a button with alert into it, and the iframe did show the output in this case.
(Edited: 2017-04-26)

-- Apr 26 In-Class Exercise
 Name: Pei Liu
 <!DOCTYPE html>
  <html>
  <head><title>IFrame Test</title></head>
  <body>
  <h1> IFrame Test </h1>
 <iframe src="http://www.cs.sjsu.edu/faculty/pollett/174.1.17s/clickjack.html"></iframe>
 </body>
  </html>
Resource Description for Screen Shot 2017-04-26 at 2.13.28 PM.png

-- Apr 26 In-Class Exercise

<!DOCTYPE html> <html>
	<body>
		<iframe src="http://www.cs.sjsu.edu/faculty/pollett/174.1.17s/clickjack.html"></iframe>
	</body>
</html>
Observation: iFrame is blank
Explanation: The character encoding of the HTML document was not declared. The document will render with garbled text in some browser configurations if the document contains characters from outside the US-ASCII range. The character encoding of the page must be declared in the document or in the transfer protocol.

-- Apr 26 In-Class Exercise
Kirtan Patel
<!DOCTYPE html>
<html>
<head>
	<title>In-class Exercise</title>
</head>
<body>
	<iframe src="http://www.cs.sjsu.edu/faculty/pollett/174.1.17s/clickjack.html"></iframe>
</body>
</html>
Output:
Error: Refused to display 'http://www.cs.sjsu.edu/faculty/pollett/174.1.17s/clickjack.html' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
Error: GET http://www.cs.sjsu.edu/faculty/pollett/174.1.17s/clickjack.html net::ERR_BLOCKED_BY_RESPONSE
Resource Description for Screen Shot 2017-04-26 at 2.16.22 PM.png
(Edited: 2017-04-26)

-- Apr 26 In-Class Exercise
Richard Lack
<!DOCTYPE html>
<html>
<head>
    <title>Excersise 10</title>
</head>
<body>
    <iframe src="http://www.cs.sjsu.edu/faculty/pollett/174.1.17s/clickjack.html"></iframe>
</body>
</html>
Refused to display 'http://www.cs.sjsu.edu/faculty/pollett/174.1.17s/clickjack.html' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
www.cs.sjsu.edu/faculty/pollett/174.1.17s/clickjack.html Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE

-- Apr 26 In-Class Exercise
Xavier Reid
<!DOCTYPE html>
<html>
  <head>
    <meta charset="UTF-8">
    <title>Clickjack</title>
  </head>
  <body>
    <iframe src="http://www.cs.sjsu.edu/faculty/pollett/174.1.17s/clickjack.html"></iframe>
  </body>
</html>
Resource Description for Screen Shot 2017-04-26 at 2.17.44 PM.png
(Edited: 2017-04-26)

-- Apr 26 In-Class Exercise
Mohnish Kadakia
<!DOCTYPE html>
<html>
<head>
    <title>In Class</title>
</head>
<body>
    <iframe src="http://www.cs.sjsu.edu/faculty/pollett/174.1.17s/clickjack.html"> </iframe>
</body>
</html>
Resource Description for Screen Shot 2017-04-26 at 2.17.52 PM.png
(Edited: 2017-04-26)

-- Apr 26 In-Class Exercise
<!DOCTYPE html>
<html>
<head>
</head>
<body>
<iframe src="http://www.cs.sjsu.edu/faculty/pollett/174.1.17s/clickjack.html"></iframe>
</body>
</html>
Observation: iFrame content displayed without issue
Explanation: Security options are not set to disallow iFrames