Ok, I just found out one of those completely weird things that keep life interesting for the web developer. I want to write a general purpose frame busting script for when your site is loaded into someone else's frameset. The known problem with this script is that the new security settings of the browsers (tested in NN4 and IE5 Win98) don't allow you to make changes in another domain, so you cannot execute a script from your site that influences someone else's frameset. So I wrote the script if (top.location.href != self.location.href) top.location.href = self.location.href; and the browsers refused to execute it because of security. So far so bad. Then I wrote a second script that does if (top.bladie) top.location.href = self.location.href; where 'bladie' is the name of one of the frames. So if the frame 'bladie' exists the frameset is wrong and should be busted. This script works! I don't understand at all what the difference is (there should be none, from security point of view) but there is a difference all right! So once again I'd like to ask for your help. 1) Go to http://www.xs4all.nl/~ppk/frametest.html 2) The lower frame tries a frame bust; this should fail miserably and produce JS errors. 3) Click the link "Load second page" 4) A new page is loaded into the lower frame and tries a frame bust. This should succeed. If anything goes differently from what I described above, please let me know what goes wrong and what browser/OS you're using. BTW: this solution does not work in Gecko M17. My current guess is that the security stuff is linked to the seeing-what-URL-we're-on, not the actual changing of the location. But I may be completely wrong. Thanks in advance, ppk PS: Please cc me, I read the digest.