Clickjacking vulnerabilities and solutions

Modified on Wed, 9 Jun, 2021 at 2:50 PM

Click jacking:


Click jacking is an attack that tricks a user into clicking a webpage element which is invisible or disguised as another element. This can cause users to unwittingly download malware, visit malicious web pages, provide credentials or sensitive information, transfer money, or purchase products online.



Typically, click jacking is performed by displaying an invisible page or HTML element, inside an iframe, on top of the page the user sees.

To overcome click jacking, iFrame header policy has to be set in Smarten. The frame policy can be used to indicate whether or not a browser should be allowed to open a page in frame.

In security-config.xml file (smarten.war/WEB-INF/ security-config.xml), the below code-line should be uncommented / added.



                <frame-options policy="SAMEORIGIN"/>



This setting will allow a page to be displayed in a frame on the same origin. Once this is set, if anyone attempts click jacking, smarten will forbid the URL as shown below.





Please refer to Application Security Implementation Manual to learn more.

Note: This article is based on Smarten Version 5.0. This may or may not be relevant to the Smarten version you may be using.

Security Vulnerability Clickjacking iFrame

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article