busting out of frames with javascript in a way that works with all browsers?

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • William Krick
    #1

    busting out of frames with javascript in a way that works with all browsers?

    I did a little searching for javascript code that will make a page
    "jump out" of frames when the page is loaded. There seems to be many,
    many ways to do this and I've added the ones I found to the end of
    this post.

    Which one should I use? Is there a generally accepted "best" way to
    do this that works will all browsers?

    ....
    Krick



    if (top != self) {
    top.location = self.location;
    }

    if (window != top) {
    top.location.hr ef = location.href
    }

    if (top.window != window) {
    top.location.hr ef = window.location .href
    }

    if (parent.frames. length > 0) {
    parent.location .href = location.href;
    }

    if (top.location != location) {
    top.location.hr ef = document.locati on.href
    }

    if (parent.frames. length >= 1) {
    window.top.loca tion.href = "index.html "
    }
    Tags: None
    • Andrew Thompson
      #2
      Re: busting out of frames with javascript in a way that works with all browsers?

      On 5 Oct 2004 15:00:10 -0700, William Krick wrote:
      [color=blue]
      > ..Sub: busting out of frames with javascript in a
      > way that works with all browsers?[/color]
      ...[color=blue]
      > Is there a generally accepted "best" way to
      > do this that works will all browsers?[/color]

      No. Not all browsers have JS enabled.
      (I just wanted to check that you realise that.)

      As for the ways to break out of frames in JS enabled browsers,
      I'll be listening to what the experts say, and looking over
      your suggestions. I am sick of serving up content for other
      people's sites, and anything that can reduce that is most welcome.

      --
      Andrew Thompson
      http://www.PhySci.org/codes/ Web & IT Help
      http://www.PhySci.org/ Open-source software suite
      http://www.1point1C.org/ Science & Technology
      http://www.lensescapes.com/ Images that escape the mundane

        Comment

        • Richard Cornford
          #3
          Re: busting out of frames with javascript in a way that works with all browsers?

          William Krick wrote:[color=blue]
          > I did a little searching for javascript code that will make
          > a page "jump out" of frames when the page is loaded. There
          > seems to be many, many ways to do this and I've added the
          > ones I found to the end of this post.
          >
          > Which one should I use? Is there a generally accepted
          > "best" way to do this that works will all browsers?[/color]

          If you are breaking out of frames they will presumably be other people's
          frames and cross-domain/same-origin security restrictions will apply.
          The extent to which you can read properties of the containing frame may
          be more or less restricted because of this.

          It is important that your code does not cause an exception due to
          security restrictions else it will not only not escape the frame, but it
          might not work properly at all.
          [color=blue]
          > if (top != self) {[/color]

          (top != self) and (top != window) are equivalent, as are (parent !=
          self) and (parent != window). Top, self, window and parent are
          properties of your global/window object so there should be no problem
          reading them and comparing them.
          [color=blue]
          > top.location = self.location;[/color]

          This might error because the - location - property refers to an object.
          Although you can (and probably should) set it with a sting value this
          assignment is setting it to an object reference. Probably the -
          self.location - object reference will be type-converted to a sting for
          the assignment, but I wouldn't want to trust to that in this context.
          Instead assign the - href - (string) property of your location object to
          the location property of the top or parent frame:-

          top.location = self.location.h ref;
          -or:-
          parent.location = window.location .href;
          (and related permutations)

          - assigning to the - location - property in the parent/top frame is not
          normally a security issue as at just unloads and replaces the entire
          parent/top document.
          [color=blue]
          > }
          >
          > if (window != top) {
          > top.location.hr ef = location.href[/color]

          Assigning to the href property of the - top.location - object might be
          subject to security restrictions (you may be denied access to the
          contents of top.location, or read access to top itself (you have to have
          read access to resolve - top.location - to an object reference)).
          [color=blue]
          > if (top.window != window) {[/color]

          top and top.window should refer to the same object, but trying to read
          properties of top might be restricted.
          [color=blue]
          > top.location.hr ef = window.location .href
          > }[/color]

          This assignment is functionally equivalent to the previous example.
          [color=blue]
          > if (parent.frames. length > 0) {[/color]

          Reading properties of the - parent - and/or - parent.frames - object may
          be subject to security restrictions.
          [color=blue]
          > parent.location .href = location.href;
          > }
          >
          > if (top.location != location) {[/color]

          As indeed might comparing properties of the - top - or - parent - object
          with properties of your own global/window object, if they are from
          different domains.
          [color=blue]
          > top.location.hr ef = document.locati on.href
          > }
          >
          > if (parent.frames. length >= 1) {[/color]

          Again, reading properties of the - parent - and/or - parent.frames -
          object may be subject to security restrictions.
          [color=blue]
          > window.top.loca tion.href = "index.html "
          > }[/color]

          There is more maintenance in using string literals (different code on
          each page and a need to update it if you decide to change the page name
          (or copy and paste to create a new page). While not only do versions
          that assign location.href not need to know their file name, they can all
          be imported with a common site-wide JS file.

          Compare the self or window properties of your global/window object with
          its top or parent properties and if they differ assign the location.href
          string from your global/window object to the location property of the
          top or parent object. Something like:-

          if(parent != window){
          parent.location = location.href;
          }

          Richard.


            Comment

            • Dr John Stockton
              #4
              Re: busting out of frames with javascript in a way that works with all browsers?

              JRS: In article <cjv9rh$658$1$8 302bc10@news.de mon.co.uk>, dated Wed, 6
              Oct 2004 00:13:52, seen in news:comp.lang. javascript, Richard Cornford
              <Richard@litote s.demon.co.uk> posted :[color=blue]
              >
              >If you are breaking out of frames they will presumably be other people's
              >frames and cross-domain/same-origin security restrictions will apply.
              >The extent to which you can read properties of the containing frame may
              >be more or less restricted because of this.
              >
              >It is important that your code does not cause an exception due to
              >security restrictions else it will not only not escape the frame, but it
              >might not work properly at all.[/color]


              If one's page has without permission been framed, one may want to de-
              frame it. But if one cannot de-frame it one might prefer not to display
              it at all, or to display a considerably different content ...

              Pseudo-code :

              if (framed) and (not-authorised) then
              body.HTML = "<big>Frame d display not permitted!<\/big>"
              // which should stop what follows it from showing.

              Or even if (framed) and (not-authorised) then while true do ;

              --
              © John Stockton, Surrey, UK. ?@merlyn.demon. co.uk Turnpike v4.00 IE 4 ©
              <URL:http://www.jibbering.c om/faq/> JL/RC: FAQ of news:comp.lang. javascript
              <URL:http://www.merlyn.demo n.co.uk/js-index.htm> jscr maths, dates, sources.
              <URL:http://www.merlyn.demo n.co.uk/> TP/BP/Delphi/jscr/&c, FAQ items, links.

                Comment

                • Michael Winter
                  #5
                  Re: busting out of frames with javascript in a way that works with all browsers?

                  On Wed, 6 Oct 2004 15:25:04 +0100, Dr John Stockton
                  <spam@merlyn.de mon.co.uk> wrote:

                  [snip]
                  [color=blue]
                  > Or even if (framed) and (not-authorised) then while true do ;[/color]

                  But wouldn't that punish the user by hanging the browser? It wasn't their
                  decision to steal your page.

                  Mike

                  --
                  Michael Winter
                  Replace ".invalid" with ".uk" to reply by e-mail.

                    Comment

                    • Dr John Stockton
                      #6
                      Re: busting out of frames with javascript in a way that works with all browsers?

                      JRS: In article <opsfh1a50rx13k vk@atlantis>, dated Thu, 7 Oct 2004
                      12:07:03, seen in news:comp.lang. javascript, Michael Winter <M.Winter@bl
                      ueyonder.co.inv alid> posted :[color=blue]
                      >On Wed, 6 Oct 2004 15:25:04 +0100, Dr John Stockton
                      ><spam@merlyn.d emon.co.uk> wrote:
                      >
                      >[snip]
                      >[color=green]
                      >> Or even if (framed) and (not-authorised) then while true do ;[/color]
                      >
                      >But wouldn't that punish the user by hanging the browser? It wasn't their
                      >decision to steal your page.[/color]

                      Well, is there not always a way to stop the browser window? Back, Stop,
                      Home, or wait for a browser timeout? There should be.

                      It's an indirect way of punishing the offender, by getting his readers
                      seriously annoyed with the consequences of unauthorised framing, so that
                      they become ex-readers.

                      But I leave it to the reader of my news article to decide what his pages
                      should do - quietly unframe his page, quietly decline to display,
                      complain and display, sweep the background through an inartistic choice
                      of colours, seize up, ...

                      --
                      © John Stockton, Surrey, UK. ?@merlyn.demon. co.uk Turnpike v4.00 IE 4 ©
                      <URL:http://www.jibbering.c om/faq/> JL/RC: FAQ of news:comp.lang. javascript
                      <URL:http://www.merlyn.demo n.co.uk/js-index.htm> jscr maths, dates, sources.
                      <URL:http://www.merlyn.demo n.co.uk/> TP/BP/Delphi/jscr/&c, FAQ items, links.

                        Comment

                        Previous template Next
                        Working...