WordPress is the web's most popular CMS, but its dominance also makes it a target for attackers. Our eBook will show you how to:
Prevent costly exploits of core and plugin vulnerabilities
Repel automated attacks
Lock down your dashboard, secure your code, and protect your users
Course Of The Month
6 days, 2 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Give it your best shot
Posted on 1999-01-20
This one should be somewhat fun. Im trying to link to http://www.adobe.com/homepage.shtml from within a frame in my website, but they have running a javascript which makes sure that the page loads into the entire window (not a new window, Im talking the target="_top" window).
If anyone can come up with a way to "beat" this, and enable me to keep www.adobe.com within one of my frames, Ill be very grateful.
If anyone can come up with a way to "beat" this, and enable me to keep www.adobe.com within one of my frames, Ill be very grateful.
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
3
-
3
7 Comments
Oh no..darn frame..escape!! escape!!
Here is one way to do it.
If you can run cgi/server side script, you can load the page off screen (thru the cgi, strip the javacript part and reassemble the html page and then output it from the buffer to the client side. EZ, eh?
Here is one way to do it.
If you can run cgi/server side script, you can load the page off screen (thru the cgi, strip the javacript part and reassemble the html page and then output it from the buffer to the client side. EZ, eh?
PBall:
Do you have a script-example of somekind?
John:
Its just your generic frameset. The user will click on a link in the nav frame, and Id like Adobe's site to come up in the "main" frame.
<html>
<head>
<title>GoalView</title>
</head>
<frameset FRAMEBORDER="0" FRAMESPACING="0" MARGINWIDTH="0" MARGINHEIGHT="0" RESIZE="NO" cols="160,*">
<frame SRC="2.html" NAME="nav" target="main" marginwidth="0" marginheight="0" scrolling="vertical" frameborder="0" noresize>
<frame SRC="3.html" NAME="main" target="main" marginwidth="0" marginheight="0" scrolling="vertical" frameborder="0" noresize>
<noframes>
<body>
</body>
</noframes>
</frameset>
<frameset>
<noframes>
</noframes>
</frameset>
</html>
Do you have a script-example of somekind?
John:
Its just your generic frameset. The user will click on a link in the nav frame, and Id like Adobe's site to come up in the "main" frame.
<html>
<head>
<title>GoalView</title>
</head>
<frameset FRAMEBORDER="0" FRAMESPACING="0" MARGINWIDTH="0" MARGINHEIGHT="0" RESIZE="NO" cols="160,*">
<frame SRC="2.html" NAME="nav" target="main" marginwidth="0" marginheight="0" scrolling="vertical" frameborder="0" noresize>
<frame SRC="3.html" NAME="main" target="main" marginwidth="0" marginheight="0" scrolling="vertical" frameborder="0" noresize>
<noframes>
<body>
</body>
</noframes>
</frameset>
<frameset>
<noframes>
</noframes>
</frameset>
</html>
chilcote: nope, never really done it myself, but it's the same concept when you "steal" a feed from another site, say for a stock ticker update.
I might try it someday just to know if I can do it :) in my case, I'll be using VB Internet Transfer Protocol component, with this thing, I believe I can read another website into a string buffer, parse the buffer looking for specific part and just get what I want. It's kinda like a filter system. get your input and get the desired output.
I think this is the only way to do it (using server side help). I can't think of any way to do it purely in client side scripting.
Hehe, frame escaper killer - chuckle
I might try it someday just to know if I can do it :) in my case, I'll be using VB Internet Transfer Protocol component, with this thing, I believe I can read another website into a string buffer, parse the buffer looking for specific part and just get what I want. It's kinda like a filter system. get your input and get the desired output.
I think this is the only way to do it (using server side help). I can't think of any way to do it purely in client side scripting.
Hehe, frame escaper killer - chuckle
Okay, I suppose that helps.....but Id really like to get my hands on a code example or two...or at least find a site which does what Im looking for. But yes, I agree...server side scripting seems to be the only way to do it.
Here is a sample code on how to use Internet Transfer Protocol from inside ASP:
<%
Set Inet = Server.CreateObject("InetC
Inet.RequestTimeOut=30
Inet.Url = "http://www.yahoo.com"
//retrieve the web page into a string buffer.
Content = Inet.OpenURL
//you can parse the value of Content string here..
//and take out the script parts.
NewContent = filter(Content)
//output the filtered content to the client
Response.Write NewContent
%>
<%
Set Inet = Server.CreateObject("InetC
Inet.RequestTimeOut=30
Inet.Url = "http://www.yahoo.com"
//retrieve the web page into a string buffer.
Content = Inet.OpenURL
//you can parse the value of Content string here..
//and take out the script parts.
NewContent = filter(Content)
//output the filtered content to the client
Response.Write NewContent
%>
Featured Post
We value your feedback.
Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
When crafting your “Why Us” page, there are a plethora of pitfalls to avoid. Follow these five tips, and you’ll be well on your way to creating an effective page.
Originally, this post was published on Monitis Blog, you can check it
here
.
Websites are getting bigger and more complicated by the day. Video, images and custom fonts are all great for showcasing your product or service. But the price to pay in…
- Web Development
- Web Applications
- HTML
- Magento
- Web Development Software
- Monitis, Networking, *Hosting, *Monitoring tool, *Monitoring Software
HTML5 has deprecated a few of the older ways of showing media as well as offering up a new way to create games and animations. Audio, video, and canvas are just a few of the adjustments made between XHTML and HTML5.
As we learned in our last micr…
The viewer will learn the basics of jQuery, including how to invoke it on a web page.
Reference your jQuery libraries: (CODE)
Include your new external js/jQuery file: (CODE)
Write your first lines of code to setup your site for jQuery.: (CODE)
Suggested Courses
Course of the Month6 days, 2 hours left to enroll
705 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.