Clickjacking is a form of visual deception. The attacker overlays a transparent, invisible iframe on a web page and then entices the user to interact with that page. Without knowing it, the user clicks a button or link inside the transparent iframe. By adjusting the position of the iframe, the attacker can trick the user into clicking specific functional buttons in the framed page.
    <head>
    <title>click jack !!!</title>
    <style>
    iframe {
        width: 900px;
        height: 250px;
        /* Use absolute positioning to line up update button with fake button */
        position: absolute;
        top: -195px;
        left: -740px;
        z-index: 2;
        /* Hide from view */
        -moz-opacity: 0;
        opacity: 0;
        filter: alpha(opacity=0);
    }
    button {
        position: absolute;
        top: 10px;
        left: 10px;
        z-index: 1;
        width: 120px;
    }
    </style>
    </head>

Similarly, there is image-overlay hijacking, in which an image on the hijacked page is covered with an identical-looking image whose link address is different.
Example
Therefore, we need to consider this vulnerability when providing users with HTML code snippets. I tried to check whether this vulnerability exists in the CSDN code editing mode and found that these two vulnerabilities were blocked.
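As an added example (not code from the original article or from CSDN), the following Python check shows one way a site that accepts user-supplied HTML snippets could flag the two patterns described above: framing elements hidden or positioned with CSS, and linked images that lead to a different host. The names `audit_snippet`, `SnippetAudit` and `site_host`, the finding labels and the sample input are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Declarations that make an element invisible while it still receives clicks.
INVISIBLE = re.compile(r"(?<![\w-])(?:-\w+-)?opacity\s*:\s*0(?:\.0+)?\s*(?=[;}!]|$)"
                       r"|alpha\s*\(\s*opacity\s*=\s*0\s*\)", re.I)
OVERLAY = re.compile(r"position\s*:\s*(?:absolute|fixed)", re.I)  # stackable
CSS_RULES = (("invisible-style", INVISIBLE), ("overlay-position", OVERLAY))

class SnippetAudit(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host  # assumption: host the snippet is shown on
        self.findings = []          # (kind, detail) tuples
        self._href, self._in_style = None, False  # open <a> href; inside <style>

    def _check_css(self, css, where):
        for kind, pattern in CSS_RULES:
            if pattern.search(css):
                self.findings.append((kind, where))

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag in ("iframe", "frame", "object", "embed"):
            self.findings.append(("frame", tag))
        if attrs.get("style"):
            self._check_css(attrs["style"], f"<{tag} style>")
        self._in_style = tag == "style"
        if tag == "a":
            self._href = attrs.get("href")
        host = urlparse(self._href or "").hostname  # target of the enclosing link
        if tag == "img" and host and host != self.site_host:
            self.findings.append(("offsite-image-link", host))

    def handle_endtag(self, tag):
        self._in_style = False
        self._href = None if tag == "a" else self._href

    def handle_data(self, data):
        if self._in_style:
            self._check_css(data, "<style> block")

def audit_snippet(html, site_host):
    parser = SnippetAudit(site_host)
    parser.feed(html)
    parser.close()
    return parser.findings

SAMPLE = '<iframe style="position:absolute; opacity:0"></iframe>'  # constructed
```

The function only reports indicators; whether a flagged snippet is rejected or stripped is a policy decision for the site that hosts it.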