From 19f138d4add15de9e45d6c8b60d9047b59f946f9 Mon Sep 17 00:00:00 2001 From: Swissky <12152583+swisskyrepo@users.noreply.github.com> Date: Mon, 9 Oct 2023 20:52:28 +0200 Subject: [PATCH] Update README.md --- Clickjacking/README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Clickjacking/README.md b/Clickjacking/README.md index 512a117..5502ac3 100644 --- a/Clickjacking/README.md +++ b/Clickjacking/README.md @@ -2,7 +2,7 @@ > Clickjacking is a type of web security vulnerability where a malicious website tricks a user into clicking on something different from what the user perceives, > potentially causing the user to perform unintended actions without their knowledge or consent. Users are tricked into performing all sorts of unintended actions -> are such as typing in the password, clicking on ‘Delete my account’ button, liking a post, deleting a post, commenting on a blog. In other words all the actions +> as such as typing in the password, clicking on ‘Delete my account’ button, liking a post, deleting a post, commenting on a blog. In other words all the actions > that a normal user can do on a legitimate website can be done using clickjacking. ## Summary @@ -175,6 +175,7 @@ _Attacker's Page_ ``` ## XSS Filter + ### IE8 XSS filter This filter has visibility into all parameters of each request and response flowing through the web browser and it compares them to a set of regular expressions in order to look for reflected XSS attempts. When the filter identifies a possible XSS attacks; it disables all inline scripts within the page, including frame busting scripts (the same thing could be done with external scripts). For this reason an attacker could induce a false positive by inserting the beginning of the frame busting script into a request’s parameters. ```html @@ -189,6 +190,7 @@ This filter has visibility into all parameters of each request and response flow ```html
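Review bot: In the first hunk (`@@ -2,7 +2,7 @@`, the intro blockquote), the replacement line is still ungrammatical: "unintended actions" on the previous line now continues with "as such as typing in the password". The removed line began "are such as", so the fix swapped one stray word for another. Drop the leading word entirely so the sentence reads "Users are tricked into performing all sorts of unintended actions such as typing in the password, ...".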
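Review bot: In the second hunk (`@@ -175,6 +175,7 @@`), the blank line is added only between "## XSS Filter" and "### IE8 XSS filter", while the "### IE8 XSS filter" heading in the same hunk is still followed directly by its paragraph ("This filter has visibility into ..."). If the goal is consistent heading spacing for Markdown linters and renderers, add a blank line after the "###" heading as well. The subject "Update README.md" also does not say that this is a typo and spacing fix, so a more specific subject would help when reading the log.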