framebusting

FWIW, most current browsers support the X-Frame-Options: deny directive, which works even when script is disabled. IE8: http://blogs.msdn.com/ie/archive/2009/01/27/ie8-security-part-vii-clickjacking-defenses.aspx Firefox (3.6.9) https://bugzilla.mozilla.org/show_bug.cgi?id=475530 https://developer.mozilla.org/en/The_X-FRAME-OPTIONS_response_header Chrome/Webkit http://blog.chromium.org/2010/01/security-in-depth-new-security-features.html http://trac.webkit.org/changeset/42333