The Modal Window explainer says:

> A challenge with iframes is click-jacking. The mechanisms in place to solve this
> often make use cases for which modal windows would be useful (payments,
> authentication etc) impossible to implement.

Is this attempting to say that if one applies current anti-clickjacking techniques to cross-origin iframe-based implementations of use cases such as payments and authentication, the results are suboptimal UX-wise (or perhaps impossible to realize) and that Modal Windows are ostensibly a means to circumvent such issues?
Also, are browser-chrome-materialized windows (e.g., "modal windows") inherently not-clickjackable?
> Is this attempting to say that if one applies current anti-clickjacking techniques to cross-origin iframe-based implementations of use cases such as payments and authentication, the results are suboptimal UX-wise (or perhaps impossible to realize) and that Modal Windows are ostensibly a means to circumvent such issues?

Yes, that is my take.

> Also, are browser-chrome-materialized windows (e.g., "modal windows") inherently not-clickjackable?

I believe so. The UI of is only shown when the window materializes and my expectation is that UAs would use visual cues (a border around the window, darkened overlay over parent) to make it clear that the user is now clicking inside a new context.