[thelist] Detect Parent URL from embedded iFrame

Alex Beston alex.beston at gmail.com
Thu Oct 14 16:50:05 CDT 2010


Tony

actually you can break out of frames / iframes:

http://bit.ly/stop-framing

but back to the OP, why not try a http_referrer variable?

$_SERVER['HTTP_REFERER']

... so that you have that inside your page and you email yourself with
that value.

So this might be a way to do it: however not all webservers give out
this variable, so theres a limit to this method (see note at end of
this msg).

they cant stop you putting a bit of javascript in your code but trying
to see what the top.location is (the value you asked for in your OP)
is an unsafe javascript proceedure and youll get this:

Unsafe JavaScript attempt to access frame with URL www.site-with-iframe.com
from frame with URL www.site-with-the-content.com

Domains, protocols and ports must match.

I think its a XSS (cross site scripting) deal.

Anyway, check this out:

http://deltatraffic.co.uk/misc-web/getAnotherSiteContent.html

I have two sites I own so I can demonstrate what can be done.
combination of php / asp & JS will do the trick.

last thought. if make sure your server outputs an http_referrer value,
so that when your page is loaded by another site, the reported value
is going to be either *blank* or a different value, so you know your
site has been iframed.

-- 
rgds, Alex

blarg: bit.ly/old-log
---------------------------------------------------------------------


More information about the thelist mailing list