It does not explain how. What it actually does is ensure nothing is displayed at all if you turn JavaScript off - a legitimate debugging technique and a legitimate usability concern.
There is no legible history to this file. If this even achieves what it says it achieves it is doing it the wrong way. Do we really anticipate clickjacking in private administration backends?
This file purportedly prevents "clickjacking"
https://github.com/OpusVL/OpusVL-FB11/blob/d7ff1465367b21fe4499e145b7627d9a33170387/lib/auto/OpusVL/FB11/root/templates/clickjack.tt
It does not explain how. What it actually does is ensure nothing is displayed at all if you turn JavaScript off - a legitimate debugging technique and a legitimate usability concern.
There is no legible history to this file. If this even achieves what it says it achieves it is doing it the wrong way. Do we really anticipate clickjacking in private administration backends?