On Thu, Dec 12, 2013 at 05:11:59PM -0800, Michal Zalewski wrote: > >> But I wouldn't consider it a failing on part of the targeted website - > >> you'd need to put essentially everything behind XFO to fix this > >> problem on application level, which is not feasible for a good number > >> of websites (including FB, because they have a variety of gadgets that > >> are meant to be framed). > > > > Or use JS to make it impossible to select text or so. > > Doesn't work for non-HTML content, such as JSON responses, images, etc :-) Doesn't Google always send JSON with Content-Disposition: attachment or so because of that? Of course, good point about images.
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/