Kirk Jackson's Page of Words - Frame busting in Javascript

Monday, October 06, 2008

Some of the common hacks use an inner frame to host your site, while the attacker controls the surrounding frame.

Using the following Javascript code, you can make sure your site is running the top frame in the browser:

        <script type="text/javascript">
          
          if (parent.frames.length > 0) {
            parent.location.replace(self.document.location);
          }
          
        </script>

The code will reload the current page in the parent window if it is within a frameset.

Kirk

Web

posted on Monday, October 06, 2008 10:55:17 PM (New Zealand Standard Time, UTC+12:00)

Comments [1]
Related posts:
Flickr: Building an IPhone site
Give a little for Christmas
Fishpond - smart way to handle feedback
Christchurch Code Camp: Overcoming your web insecurity
Ponoko adds bamboo!
Now that's a fuel voucher!

Thursday, October 16, 2008 2:33:41 PM (New Zealand Standard Time, UTC+12:00)

As a note to this - Adobe use the following framebusting code on their settings page:

<script type="text/javascript">
// <![CDATA[
if (top!=self){
top.location.href=self.location.href;
}
// ]]>
</script>

There's more than one way to skin a cat!

Kirk

Kirk Jackson | kirkAT NOSPAMpageofwords dot com

All comments require the approval of the site owner before being displayed.