jebsilver
asked on
Disabling frame busting script
I have a page that contains an iframe. It's basically a browser within a browser, and loads web pages from different sites into it. The problem is that some of those sites have "frame busting" javascript, and will pop themselves out of the frame. It ususally is some varation of this:
function changePage() {
if (self.parent.frames.length != 0)
self.parent.location=docum ent.locati on;
}
Is there anyway I can programatically defeat this code so it won't run? I can't turn off JS in the browser as it's needed elsewhere on the page.
function changePage() {
if (self.parent.frames.length
self.parent.location=docum
}
Is there anyway I can programatically defeat this code so it won't run? I can't turn off JS in the browser as it's needed elsewhere on the page.
ASKER
I understand your point, however this is for an internal app. Our users are allowed to post links to other sites, and this allows our admins to quickly inspect and approve that external content. This is why we need it to stay in the frame.
JS isn't required in the frame page. What do you suggest?
JS isn't required in the frame page. What do you suggest?
You can utilize the XMLhttp object to retrieve the output HTML of the url and the insert that HTML into the body of the iframe. In this case, the page is never loaded into the frame so you should not have an issue with the scripts.
ASKER
Could you give me an example of this code?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
That works, but our production firewall blocks all outbound requests :(
I'll try writting the JS to get the page. If you know how to write the regular expression to strip <script> tags, I'd love to hear it.
I'll try writting the JS to get the page. If you know how to write the regular expression to strip <script> tags, I'd love to hear it.
When you say that javascript is needed elsewhere in the page, do you mean your page or the page that is in the frame. If you do not need the javascript in the frame page then yes, you can get around this issue.
Neal.