Spelling Continued
Checked some spelling further along in the article files. Made some small grammatical fixes, but mostly spelling.
parent
42d9f16fe3
commit
c97f53563c
19 changed files with 31 additions and 31 deletions
|
@ -137,7 +137,7 @@ For windows with URLs from another sites, we are able to change the location by
|
|||
|
||||
A popup may access the "opener" window as well. A JavaScript in it may use `window.opener` to access the window that opened it. It is `null` for all windows except popups.
|
||||
|
||||
So both the main window and the popup have a reference to each other. Thay may modify each other freely assuming that they come from the same origin. If that's not so, then there are still means to communicate, to be covered in the next chapter <info:cross-window-communication>.
|
||||
So both the main window and the popup have a reference to each other. They may modify each other freely assuming that they come from the same origin. If that's not so, then there are still means to communicate, to be covered in the next chapter <info:cross-window-communication>.
|
||||
|
||||
## Closing a popup
|
||||
|
||||
|
|
|
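Review bot: The corrected sentence "They may modify each other freely assuming that they come from the same origin. If that's not so, then there are still means to communicate" skips over what a cross-origin window can still do, although the hunk header's context line says the location of a window from another site can be changed. A short clause pointing back to that would keep readers from concluding that cross-origin windows cannot affect each other outside the messaging covered in the next chapter. Since this commit also carries grammatical fixes, "A JavaScript in it may use" on the first context line and "another sites" in the header context could be cleaned up in the same pass.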
@ -194,7 +194,7 @@ A hacker can post a link to his evil page in a message or lure visitors to his p
|
|||
|
||||
From one side -- the attack is "not deep": all a hacker can do is one click. But from another side, if the hacker knows that after the click another control appears, then it may use cunning messages to make the user to click on it as well.
|
||||
|
||||
The attack is quite dangerous, because when we engineer the UI we usually don't think that a hacker can click on behalf of the visitor. So vulnerabilities can be found in totally unexpeced places.
|
||||
The attack is quite dangerous, because when we engineer the UI we usually don't think that a hacker can click on behalf of the visitor. So vulnerabilities can be found in totally unexpected places.
|
||||
|
||||
- It's recommended to use `X-Frame-Options: SAMEORIGIN` on pages that are totally not meant to be shown inside iframes (or just for the whole site).
|
||||
- Use a covering `<div>` if we want to allow our pages to be shown in iframes, and still stay safe.
|
||||
|
|
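Review bot: The summary bullet recommending `X-Frame-Options: SAMEORIGIN` "on pages that are totally not meant to be shown inside iframes" does not match its own wording, because SAMEORIGIN still permits framing by pages of the same site. `DENY` is the value that forbids framing altogether, so either name it for that case or reword the bullet to "not meant to be framed by other sites". In the first context line, "then it may use cunning messages to make the user to click on it" still needs a grammatical fix ("he may use ... to make the user click"), which fits this commit's scope.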