[thelist] 'click to remove this frame' link... - a solution

[Chris George]

Yup, thought so.  I was reading a small tutorial on it and they alluded to
it being a security risk, but were still a little vague on whether it was or
not.

At any rate, what I ended up doing is in the page the frameset actually gets
launched from, the link looks like this:

<a href="foo.php?url=http://www.offsitefoo.com">

And then through the wonderful features of PHP it gets automatically added
to $HTTP_GET_VARS[] ('cause it's a get action, even if it doesn't
technically come from a form).  I then reference the top frameset like so:

<frame name="topNav" src="topnav.php?url=<? echo "$HTTP_GET_VARS[url]" ?>

In order for the url to be carried over to the page that actually needs it.
Bear in mind, still nothing's hardcoded, which is groovy.

Anyway. In the topnav.php file all you need to do is:

<a href="<? Echo "$HTTP_GET_VARS[url] ?>" target="_top">REMOVE FRAME</a>

The one small little downside is that if they navigate through the remote
site, and _then_ click on the 'remove frame' link, it takes them to the
original remote page called, not the page they were on.  Which is to say it
operates like any other I've seen out there...

So that's a solution, anyway.

---
cdg

on 7/24/2001 1:34 AM, Peter-Paul Koch at gassinaumasis at hotmail.com wrote:

> 
> Correct, this is security. You are not allowed to read out information about
> pages that come from another server. I'm afraid that what you want is not
> going to work.
> 
> For more information, see
> http://www.xs4all.nl/~ppk/js/index.html?framebust.html
> 
> ppk