Dark Launch

Twitter's Frame Breaker To Stop Clickjacking

Twitter uses a frame breaker to help mitigate clickjacking. Interesting implementation:
Javascript
if (window.top !== window.self) {
    document.write = '';
    window.top.location = window.self.location;
    setTimeout(function() {
        document.body.innerHTML = '';
    },
    1);
    window.self.onload = function(evt) {
        document.body.innerHTML = '';
    };
}

Code
if top window is not this window{
    render the page starting here
    refresh the page making me the top window to break out of any frames
    remove page content (html including graphics, buttons, etc)
    when window loads, again remove page content
}


NOTE: i think they meant document.write('');