ClickJacket
"Best-for-now" iframe protection that only allows the page to be framed from the given protocols and/or domains. Replaces the page's HTML when viewed from an origin that is not allowed.
Config
allowedDomains
type: [String]
The domains to allow from an iframe. Allows all domains if not given.
allowedProtocols
type: [String]
The protocols to allow from an iframe. Allows all protocols if not given.
failureMessage
type: String
If an iframe fails to pass validation, this message replaces the page's HTML. Defaults to ''.
Usage
<!-- Allow specific domains --> Cool Site
<!-- Allow specific protocols --> Cool Site
<!-- Show specialized message --> Cool Site
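How a check driven by the three options above can work, as an added example that is not ClickJacket's own code: the function names, the exact-hostname matching and the `ancestorOrigins`/`document.referrer` lookup are assumptions. Because it runs as client-side script, a check like this complements a `Content-Security-Policy: frame-ancestors` response header rather than replacing it.

```javascript
// Added illustration, not ClickJacket's source. Option names mirror the config
// above; function names and the parent-URL lookup are assumptions.

// Decide whether a parent URL passes the allow-lists. An omitted list allows all.
function isParentAllowed(parentUrl, config = {}) {
  const { allowedDomains, allowedProtocols } = config;
  let parent;
  try {
    parent = new URL(parentUrl);
  } catch (e) {
    // Empty or unparsable parent URL: the framer is unknown, so fail closed
    // unless no restriction was configured at all.
    return !allowedDomains && !allowedProtocols;
  }
  const protocol = parent.protocol.replace(/:$/, ''); // "https:" -> "https"
  const domainOk = !allowedDomains || allowedDomains.includes(parent.hostname);
  const protocolOk = !allowedProtocols || allowedProtocols.includes(protocol);
  return domainOk && protocolOk;
}

// Run the check against window/document-like objects (passed in so the logic
// can be exercised outside a browser). Returns true if the page was left intact.
function enforceFramePolicy(win, doc, config = {}) {
  if (win.self === win.top) return true; // top-level load, not framed
  // location.ancestorOrigins may be absent in some browsers; fall back to the referrer.
  const origins = win.location && win.location.ancestorOrigins;
  const parentUrl = origins && origins.length ? origins[0] : doc.referrer;
  if (isParentAllowed(parentUrl, config)) return true;
  doc.documentElement.innerHTML = config.failureMessage || '';
  return false;
}

// Constructed sample: the page is framed by a site that is not on the allow-list.
const framedWin = { top: {}, location: {} };
framedWin.self = framedWin;
const framedDoc = {
  referrer: 'https://untrusted.example/landing',
  documentElement: { innerHTML: '<p>app</p>' },
};
const kept = enforceFramePolicy(framedWin, framedDoc, {
  allowedDomains: ['partner.example'],
  allowedProtocols: ['https'],
  failureMessage: 'Framing not permitted',
});
console.log(kept, framedDoc.documentElement.innerHTML);
```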