diff --git a/files/en-us/_redirects.txt b/files/en-us/_redirects.txt index 18fa2020f6cac78..680dd34208ab5e8 100644 --- a/files/en-us/_redirects.txt +++ b/files/en-us/_redirects.txt @@ -3557,6 +3557,7 @@ /en-US/docs/Glossary/Bézier_curve /en-US/docs/Glossary/Bezier_curve /en-US/docs/Glossary/CSS_property /en-US/docs/Glossary/property/CSS /en-US/docs/Glossary/Cleartext /en-US/docs/Glossary/Plaintext +/en-US/docs/Glossary/Clickjacking /en-US/docs/Web/Security/Attacks/Clickjacking /en-US/docs/Glossary/Client_hints /en-US/docs/Web/HTTP/Client_hints /en-US/docs/Glossary/Condition /en-US/docs/Glossary/Conditional /en-US/docs/Glossary/Content_type /en-US/docs/Glossary/MIME_type diff --git a/files/en-us/glossary/clickjacking/index.md b/files/en-us/glossary/clickjacking/index.md deleted file mode 100644 index 825a62f045bf449..000000000000000 --- a/files/en-us/glossary/clickjacking/index.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -title: Clickjacking -slug: Glossary/Clickjacking -page-type: glossary-definition ---- - -{{GlossarySidebar}} - -**Clickjacking** is an interface-based attack that tricks website users into unwittingly clicking on malicious links. In clickjacking, the attackers embed their malicious links into buttons or legitimate pages in a website. In an infected {{glossary("Site")}}, whenever a user clicks on a legitimate link, the attacker gets the confidential information of that user, which ultimately compromises the user's privacy on the Internet. - -Clickjacking can be prevented by implementing a [Content Security Policy (frame-ancestors)](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors) and implementing [Set-Cookie attributes](/en-US/docs/Web/HTTP/Headers/Set-Cookie#attributes). - -## See also - -- [Web security: clickjacking protection](/en-US/docs/Web/Security/Practical_implementation_guides/Clickjacking) -- [Clickjacking](https://en.wikipedia.org/wiki/Clickjacking) on Wikipedia -- [Clickjacking](https://owasp.org/www-community/attacks/Clickjacking) on OWASP diff --git a/files/en-us/learn/html/multimedia_and_embedding/other_embedding_technologies/index.md b/files/en-us/learn/html/multimedia_and_embedding/other_embedding_technologies/index.md index e749e333252b673..d4a55d4bc184555 100644 --- a/files/en-us/learn/html/multimedia_and_embedding/other_embedding_technologies/index.md +++ b/files/en-us/learn/html/multimedia_and_embedding/other_embedding_technologies/index.md @@ -257,9 +257,9 @@ Above we mentioned security concerns — let's go into this in a bit more detail Browser makers and Web developers have learned the hard way that iframes are a common target (official term: **attack vector**) for bad people on the Web (often termed **hackers**, or more accurately, **crackers**) to attack if they are trying to maliciously modify your webpage, or trick people into doing something they don't want to do, such as reveal sensitive information like usernames and passwords. Because of this, spec engineers and browser developers have developed various security mechanisms for making ` +``` + +In the CSS for the page, the attacker: + +- hides the `