[thelist] Frame busting

Erik Mattheis gozz at gozz.com
Mon Sep 11 11:23:56 CDT 2000


Can anybody else confirm this? I think and hope there is a misunderstanding:

It is only the location property of a frame from another domain that 
is inaccessible to your scripts.

Don't say:

if (top.location.href != self.location.href)

Try:

if (top != self)

or if your site doesn't use frames:

if (top.frames.length)


>Ok, I just found out one of those completely weird things that keep life
>interesting for the web developer.
>
>I want to write a general purpose frame busting script for when your site
>is loaded into someone else's frameset.
>
>The known problem with this script is that the new security settings of the
>browsers (tested in NN4 and IE5 Win98) don't allow you to make changes in
>another domain, so you cannot execute a script from your site that
>influences someone else's frameset.
>
>So I wrote the script
>
>if (top.location.href != self.location.href) top.location.href =
>self.location.href;
>
>and the browsers refused to execute it because of security. So far so bad.
>
>Then I wrote a second script that does
>
>if (top.bladie) top.location.href = self.location.href;
-- 

___________________
- Erik Mattheis
http://gozz.com/

(612) 827 3963






More information about the thelist mailing list