[thelist] Frame busting
Erik Mattheis
gozz at gozz.com
Mon Sep 11 11:23:56 CDT 2000
Can anybody else confirm this? I think and hope there is a misunderstanding:
It is only the location property of a frame from another domain that
is inaccessible to your scripts.
Don't say:
if (top.location.href != self.location.href)
Try:
if (top != self)
or if your site doesn't use frames:
if (top.frames.length)
>Ok, I just found out one of those completely weird things that keep life
>interesting for the web developer.
>
>I want to write a general purpose frame busting script for when your site
>is loaded into someone else's frameset.
>
>The known problem with this script is that the new security settings of the
>browsers (tested in NN4 and IE5 Win98) don't allow you to make changes in
>another domain, so you cannot execute a script from your site that
>influences someone else's frameset.
>
>So I wrote the script
>
>if (top.location.href != self.location.href) top.location.href =
>self.location.href;
>
>and the browsers refused to execute it because of security. So far so bad.
>
>Then I wrote a second script that does
>
>if (top.bladie) top.location.href = self.location.href;
--
___________________
- Erik Mattheis
http://gozz.com/
(612) 827 3963
More information about the thelist
mailing list