[thelist] https site in a frame of an http site

Kristy Frey kristenannfrey at yahoo.com
Thu Oct 11 18:39:51 CDT 2001


Thanks Kevin - BTW,  I stuck this in my page:

<SCRIPT LANGUAGE="JavaScript" TYPE="text/javascript">
<!--
// If this page is not the top-level document, replace the framing page with it.
function GetOutOfFrame()
{
  if (top.location != location)
  {
    top.location.href = document.location.href;
  }
}
//-->
</SCRIPT>

and put onload="GetOutOfFrame()" in the body tag.

Worked great!  Now I just sit back and wait for the
offender to start complaining!

--- "Kevin D. White" <nonzero at well.com> wrote:
> The actual security is not compromised but the user has no idea what
> is and is not secure.  The little lock icon is triggered by the main
> requested page not the stuff inside it.  In the case of a frameset
> that mixes secure and insecure, the lock never lights.  Plus, the
> user should get a nasty warning about mixing secure and insecure
> content on page.
>
> You might want to point out to the offending person that they are
> providing a nasty and confusing experience to their users.  You could
> also insert some JavaScript that detects that the page is being
> loaded in a frameset and blow the entire frameset away or pop an
> alert.
>
> What that person doesn't realize is they have just given you complete
> license to do whatever you want on their site....
> 
> ----- Original Message -----
> From: "Kristy Frey" <kristenannfrey at yahoo.com>
>
> > Does anyone know if the security provided by a
> > VeriSign Certificate is compromised when "somebody"
> > decides that they want to display my secure
> > https://... page in their http://... page that uses
> > frames.   My pages (which are php pages on a secure
> > site) DO NOT use frames, but "somebody" where I work
> > (a large college campus that does not promote frames
> > for accessibility reasons) decided they would display
> > my pages within theirs via a frame.
> 
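
An added example, not part of the original post: a variant of the frame check in the message above that keeps the page hidden until it has confirmed it is the top-level document, so a refused navigation leaves nothing visible inside the frame. `guardAgainstFraming`, `makeWindow` and the example URLs are hypothetical, and the sketch assumes a refused top-level navigation surfaces as an exception.

```javascript
// Added example. guardAgainstFraming and makeWindow are illustrative names.
function guardAgainstFraming(win) {
  var root = win.document.documentElement;
  // Fail closed: hide the page until it is known to be the top-level document.
  root.style.display = "none";

  if (win.self === win.top) {
    root.style.display = ""; // not framed, reveal the page
    return "top-level";
  }
  try {
    // Assigning top.location is permitted across origins, so this works when
    // the framing page is on another site or scheme.
    win.top.location = win.self.location.href;
    return "navigating-top";
  } catch (err) {
    // The navigation was refused (assumed here to surface as an exception).
    // The page stays hidden instead of rendering inside the frame.
    return "blocked-hidden";
  }
}

// Constructed stand-in for a browser window so the logic runs under Node.
function makeWindow(framed, allowTopNavigation) {
  var win = {
    document: { documentElement: { style: { display: "" } } },
    location: { href: "https://secure.example/form.php" }
  };
  win.self = win;
  win.top = win;
  if (framed) {
    var parentHref = "http://framing.example/frameset.html";
    win.top = {};
    Object.defineProperty(win.top, "location", {
      get: function () { return parentHref; },
      set: function (url) {
        if (!allowTopNavigation) { throw new Error("SecurityError"); }
        parentHref = url;
      }
    });
  }
  return win;
}

// In a browser, run the check as early as possible in the document.
if (typeof window !== "undefined") {
  guardAgainstFraming(window);
}
```

Running the check from a script in the document head, instead of from `onload`, shortens the time the framed page could be displayed.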