a simple framebuster sample, we must prevent embedded iframes from ac…

…cessing parent windows. can we manually specify a realm from inside content-window.js ??

ui/frame_buster/index.html

@@ -0,0 +1,15 @@
+<html>
+  <head>
+    <title>WebbyFox</title>
+
+  </head>
+  <body >
+   <p> 
+     I'm the outer frame.  you better now pwn me. 
+   </p>
+
+   <iframe src="inner-page.html" width="400" height="100" border="2" > 
+   </iframe>
+
+  </body>
+</html>

ui/frame_buster/inner-page.html

@@ -0,0 +1,12 @@
+<html>
+  <head>
+    <title>WebbyFox</title>
+
+  </head>
+  <body>
+    I'm the inner frame.  you've been pwned!
+    <script type="text/javascript">
+      if (top != self) top.location.replace(self.location.href);
+    </script>
+  </body>
+</html>