[thelist] Frame busting

Erik Mattheis gozz at gozz.com
Mon Sep 11 11:23:56 CDT 2000

Can anybody else confirm this? I think and hope there is a misunderstanding:

It is only the location property of a frame from another domain that 
is inaccessible to your scripts.

Don't say:

if (top.location.href != self.location.href)


if (top != self)

or if your site doesn't use frames:

if (top.frames.length)

>Ok, I just found out one of those completely weird things that keep life
>interesting for the web developer.
>I want to write a general purpose frame busting script for when your site
>is loaded into someone else's frameset.
>The known problem with this script is that the new security settings of the
>browsers (tested in NN4 and IE5 Win98) don't allow you to make changes in
>another domain, so you cannot execute a script from your site that
>influences someone else's frameset.
>So I wrote the script
>if (top.location.href != self.location.href) top.location.href =
>and the browsers refused to execute it because of security. So far so bad.
>Then I wrote a second script that does
>if (top.bladie) top.location.href = self.location.href;

- Erik Mattheis

(612) 827 3963
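The distinction drawn in the message above, as an added example that is not part of the original thread: comparing window references works against a frameset from another domain, while reading `top.location.href` is refused. The `makeWindow` and `frame` helpers and the hostnames are constructed stand-ins for browser windows so the checks can run outside a browser.

```javascript
// Constructed stand-in for a browser window. When `readable` is false the
// window behaves like one from another domain: scripts may compare the
// reference and assign location.href, but reading location.href throws.
function makeWindow(host, readable) {
  const win = { host, frames: [], navigatedTo: null };
  const loc = {
    get href() {
      if (!readable) throw new Error("SecurityError: cross-domain read of location.href");
      return "http://" + host + "/";
    },
    set href(url) { win.navigatedTo = url; } // writes are permitted cross-domain
  };
  Object.defineProperty(win, "location", { get: () => loc });
  win.self = win;
  win.top = win;
  return win;
}

// Load `child` as a frame inside `parent` (hypothetical helper).
function frame(parent, child) {
  parent.frames.push(child);
  child.top = parent.top;
  return child;
}

// The check the message says not to use: it reads top.location.href.
function isFramedByHref(win) {
  return win.top.location.href != win.self.location.href;
}

// The check the message recommends: window references only.
function isFramedByIdentity(win) {
  return win.top != win.self;
}

// The variant for a site that uses no frames of its own.
function isFramedByFrameCount(win) {
  return win.top.frames.length > 0;
}

// Frame buster built on the identity check; only writes to top.location.
function bustFrames(win, ownUrl) {
  if (!isFramedByIdentity(win)) return false;
  win.top.location.href = ownUrl;
  return true;
}
```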
