JavaScript Ninja – Quick And Dirty ClickJacking IFRAME-Embedding Protection

A nifty little trick.

copy&&paste the following:

<script type="application/javascript" async="async" src="data:application/javascript;base64,KGZ1bmN0aW9uKHQscyl7Cih0Lmhvc3RuYW1lLnRvTG93ZXJDYXNlKCkhPT1zLmhvc3RuYW1lLnRvTG93ZXJDYXNlKCkpJiYodD1zKTtyZXR1cm4gdHJ1ZTt9KHRvcC5sb2NhdGlvbixzZWxmLmxvY2F0aW9uKSk7"></script>

Just before </head>.

F.Y.I – it uses the following plain/text code:

(function(t,s){
(t.hostname.toLowerCase()!==s.hostname.toLowerCase())&&(t=s);return true;}(top.location,self.location));

but as base64, you can also use ASYNC attribute, which benefit some browsers whom optimize the loading of external-resources.

Enjoy!