The login page will send response header X-Frame-Options: deny. The attack cannot be executed. View your browser console for more information.

This is a vulnerable page. View source to check the javascript.