Anti Frame Breaker Code
-
Hi all. Need help on frame breaker code. I have a page with two frames in it. The pages are built in PHP. The first page displays a page from my site, whereas the second frame displays a page from another site which I do not have control over. But for some sites that do have frame breaker code in them, those pages open in the parent window rather than opening in the frame. I have tried the security tag in the iframe, but it works only in IE; for Mozilla it's of no use. Tried a few things but to no effect. Tried from this link: http://coderrr.wordpress.com/2009/02/13/preventing-frame-busting-and-click-jacking-ui-redressing/ Is it even possible to do so? Please help. Thanks in advance. :) Sandeep
-
It seems to me that the way I'd approach it is to do a GET on the desired page, scan the page for any offending code and fix as required. From the 2-minute primer I've just had, it looks like a couple of prime strings to be commented out are "top.location= xxxxxxx" and "top.location.replace". I guess I'd just try loading the page into a string, and inserting a pair of '/' characters at the start of any line that contains either of the two strings I mentioned. That way, you've killed the JavaScript before it ever had a chance. :cool:
-
Hi enhzflep, thanks for the reply. Can you please elaborate with the code so that I can understand it? Also, if we try to get a page into a string and strip off the JavaScript (frame breaker code), then what is the way to display the stripped content in an iframe? Please have a look at the following link: http://www.iframehtml.com/iframe-scripts.html It tells a way to strip the JS from the page, but how to display that page in an iframe then? Regards, Sandeep.
-
That's okay, Sandeep. Thank you for introducing me to the whole concept. It's been rather an interesting exercise. I've had a little play around, and come up with some code that will kill the framebuster in a page that I've been playing with. It's a two-file approach. There's the HTML file that makes the request, and the PHP file that retrieves the requested file then strips the offending code from it. In my simple example, I simply replace "top.location=self.location;" with "alert('Framebuster busted!');" All you'll have to do is to find, download and compress AjaxRequest.js (EDIT: http://www.ajaxtoolbox.com/request/source.php) [EDIT: No, you don't. I forgot I used a different method. Anyhow, it's still a good library] Here's some code to play with:
1. getPage.php
.*?<\/script>/i", "", $filter); */
// if($allowed&4 == 0) // 4
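2. showInIFrame.html
<html>
<head>
<title>Untitled Document</title>
<script type="text/javascript">
function onGoBtn()
{
    var url, ifrm, src;
    url = document.getElementById("urlInput").value;
    ifrm = document.getElementById("tgtFrame");
    // encode the target so characters such as & and ? survive inside the query string
    src = "getPage.php?tgt="+encodeURIComponent(url)+"&rand="+parseInt(Math.random()*100);
    ifrm.src = src;
}
</script>
</head>
<body>
URL <input type="text" id="urlInput">
<button onclick="onGoBtn()">Load into IFrame</button>
<h3>Target Frame</h3>
<iframe id="tgtFrame"></iframe>
</body>
</html>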
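Added example, not part of any post in this thread: seen from the framed site's side, a script-only frame breaker such as the top.location lines discussed above depends on its script running in the frame, whereas the X-Frame-Options and CSP frame-ancestors response headers are enforced by the browser itself. The sketch below classifies which kind of defence a response carries; the function names and the sample responses are constructed for illustration.

```javascript
// Added example: audit how a response defends itself against being framed.
// The header names are real; the helper names and SAMPLES are constructed.

// Return the source list of one CSP directive, or null when it is absent.
function cspDirective(csp, name) {
  for (const part of (csp || "").split(";")) {
    const tokens = part.trim().split(/\s+/);
    if (tokens[0].toLowerCase() === name) return tokens.slice(1);
  }
  return null;
}

// Heuristic: script text that navigates the top or parent window.
const BUSTER = /\b(top|parent)\.location(\.href)?\s*=|\b(top|parent)\.location\.replace\s*\(/;

function auditFraming(headers, body) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  const ancestors = cspDirective(h["content-security-policy"], "frame-ancestors");
  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  const scriptBuster = BUSTER.test(body || "");

  let headerPolicy = "none";
  if (ancestors) {
    // frame-ancestors takes precedence over X-Frame-Options when both are sent;
    // an empty source list behaves like 'none'
    headerPolicy = "csp frame-ancestors " + (ancestors.join(" ") || "'none'");
  } else if (xfo === "DENY" || xfo === "SAMEORIGIN") {
    headerPolicy = "x-frame-options " + xfo;
  }

  let verdict = "unprotected";
  if (headerPolicy !== "none") verdict = "browser-enforced";
  else if (scriptBuster) verdict = "script-only"; // fails whenever the script does not run
  return { headerPolicy, scriptBuster, verdict };
}

// Constructed sample responses.
const SAMPLES = [
  [{ "Content-Type": "text/html" }, "<script>top.location=self.location;</script>"],
  [{ "X-Frame-Options": "SAMEORIGIN" }, "<p>account page</p>"],
  [{ "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'" }, ""],
];
for (const [headers, body] of SAMPLES) console.log(auditFraming(headers, body));
```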