no because the permission box cannot be iframed
It's impossible in most cases. In others, not so much. It simply depends on what you're installing or forcing someone to accept. If you are installing something that requires a modal dialog, no, everyone above me is correct. If you're installing something that doesn't require a modal dialog but actually shows up on the page (like Flash tends to). Lots of activeX controls are on-page, so once they're installed they tend to not create modal dialogs for actions (think Webcasting software). Since they are part of the page, there is a high chance they'll be vulnerable.
no because the permission box cannot be iframed
its possible to iframe perm request page only in ie7/8/9 by a bug that i know but i dont know how to click jack in ie
pm me how can clickjack in ie,and i will reply how to iframe facebook app page,and lets work to configure it![]()
search in forum for "Basic Forced Like"
Like and app installs have difference my friend.
is this a joke?
i say you i can bypass top.location.href blabla thing so i can iframe the request page in internet explorer but there is no any click jack app for ie
Read my comment just after ur reply.
I asked you that basic code. Didn't I ? It seems you have major understanding problem.
facebook dot com/connect/uiserver.php?display=wap&next=https%3A%2F%2Fgraph.facebook.com%2Foauth%2Fauthorize_success%3Fredirect_uri%3Dhttp%253A%252F%252Fwww.siz.net%252Ft.html%26client_id%3D133428240003776%26type%3Duser_agent&app_id=2318966938&method=permissions.request
i have pages with 500k liked,and an app with 115k user
and i still didnt understand the difference between like and app install
as example with a like page and this have no difference
PHP:facebook dot com/connect/uiserver.php?display=wap&next=https%3A%2F%2Fgraph.facebook.com%2Foauth%2Fauthorize_success%3Fredirect_uri%3Dhttp%253A%252F%252Fwww.siz.net%252Ft.html%26client_id%3D133428240003776%26type%3Duser_agent&app_id=2318966938&method=permissions.request
just the button of the allow is bottom of the page you can fix it by iframe 's variables
Facebook has javascript code (at least in the api-related pages) that checks whether it's being loaded in an iframe and disables the page. I think this is to prevent clickjacking.
Facebook doesn't want you to do what you're trying to do. Use a popup window instead.
function si_cj(m) {
setTimeout(function () {
new Image().src = ":\/\/error dot facebook dot com\/common\/scribe_endpoint.php?c=si_clickjacking&t=7437" + "&m=" + m;
}, 5000);
}
if (top != self) {
try {
if (parent != top) {
throw 1;
}
var si_cj_d = ["app dot facebook.com", "\/pages\/", "apps dot beta dot facebook.com"];
var href = top.location.href.toLowerCase();
for (var i = 0; i < si_cj_d.length; i++) {
if (href.indexOf(si_cj_d[i]) >= 0) {
throw 1;
}
}
si_cj("3 ");
} catch (e) {
si_cj("1 \t");
window.document.write("\u003cstyle>body * {display:none !important;}\u003c\/style>\u003ca href=\"#\" onclick=\"top.location.href=window.location.href\" style=\"display:block !important;padding:10px\">Facebook dot com'a git\u003c\/a>");