admin管理员组文章数量:1415491
So we are loading a page in an iframe. This child page is loaded from a cache on the same domain as the parent. However external assets are not cached locally, and are loaded from the external site - including javascript. In one site we have frame-busting code:
if (top.location != self.location) {
top.location = self.location
}
Now I know that we could use the solution from coderr but I'm not sure what the implications / knock on issues are. Given that we have access to the cached child page, I am wondering whether there is anything we can add to the child in order to override any methods or values in order to render null the framebusting. E.g in the <head> of the child I tried adding this:
<script type="text/javascript">
top.location = self.location
</script>
and
self.location = top.location
with pretty horrific results (infinite nesting in the first example, total and plete browser meltdown in the second).
Are there any suggestions for code we could add to the child to nullify the framebusting?
Else, we'll have to cache the js and parse out / replace framebusting script.
Thanks
R.
And please - this is legit!!
So we are loading a page in an iframe. This child page is loaded from a cache on the same domain as the parent. However external assets are not cached locally, and are loaded from the external site - including javascript. In one site we have frame-busting code:
if (top.location != self.location) {
top.location = self.location
}
Now I know that we could use the solution from coderr but I'm not sure what the implications / knock on issues are. Given that we have access to the cached child page, I am wondering whether there is anything we can add to the child in order to override any methods or values in order to render null the framebusting. E.g in the <head> of the child I tried adding this:
<script type="text/javascript">
top.location = self.location
</script>
and
self.location = top.location
with pretty horrific results (infinite nesting in the first example, total and plete browser meltdown in the second).
Are there any suggestions for code we could add to the child to nullify the framebusting?
Else, we'll have to cache the js and parse out / replace framebusting script.
Thanks
R.
And please - this is legit!!
Share Improve this question asked Dec 17, 2010 at 16:12 Richard HRichard H 39.2k38 gold badges114 silver badges141 bronze badges 2- This has been asked a bunch of times stackoverflow./search?q=prevent+frame+breaking – epascarello Commented Dec 17, 2010 at 16:26
- 1 @Epascarello - most of these i think are wrt loading pages from third-party sites, not from the same domain with access to child page source. – Richard H Commented Dec 17, 2010 at 16:31
2 Answers
Reset to default 4I came across a very interesting post by Jeff Atwood a while ago, where he talks about an "impossible" to counter anti-frame-busting technique:
http://www.codinghorror./blog/2009/06/we-done-been-framed.html
It doesn't even require privileged access to the child frame's code!
Simple Text replacement with Tampermonkey
document.body.innerHTML = document.body.innerHTML.replace(/original/g,"new");
If using the regex version (replace all occurrences in the document) then you need to escape especial characters like / and " with the \ symbol.
To replace only a single occurrence:
var find = "if (top.location!=location) { top.location.href = location.href; }";
replace = "";
document.body.innerHTML = document.body.innerHTML.replace(find,replace);
This will not work on pages that have the <script> at the very top, up by the head.
Make sure @run-at document.start is set.
本文标签: javascriptPreventing frame busting with access to page sourceStack Overflow
版权声明:本文标题:javascript - Preventing frame busting with access to page source - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1745154336a2645077.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
发表评论