Iframe security pass

The check if someone show your website in iframe u use:

if (top.location != location) top.location.href = location.href;

Is this check breakable ?
rares_dumitrescuAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

hieloCommented:
>>Is this check breakable ?
Yes. If I disable javascript on my browser, I can embed your page in an iframe and view your page from within an iframe.

However, as long as javascript is enabled, it will force the page in the iframe to be loaded/viewable directly in the browser.
0
rares_dumitrescuAuthor Commented:
without disabling javascript ?
0
hieloCommented:
Like I said:
"However, as long as javascript is enabled, it will force the page in the iframe to be loaded/viewable directly in the browser."
0
The Ultimate Tool Kit for Technolgy Solution Provi

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy for valuable how-to assets including sample agreements, checklists, flowcharts, and more!

rares_dumitrescuAuthor Commented:
If i am the one who uses iframe, can i trick it ? I mean if i want to keep the page in iframe.
0
hieloCommented:
>>I mean if i want to keep the page in iframe
OK, I see. No you cannot. You do not have access to the javascript on the iframe page. The browser doesn't even know what the page in the iframe WILL send. As the page in the iframe is loading, the browser eventually sees the javascript code above and executes it as soon as it sees it.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
scrathcyboyCommented:
"f (top.location != location) top.location.href = location.href; "

is primarily used by major commercial sites with lots of embedded code, and the reason is, their pages are so complex that they cannot render correctly if stuffed into an Iframe on another page.  On very complex pages it matters -- on most other pages, it does not matter.  There are probably MILLIONS of smaller websites adding content from other sites into IFrames.  WHY WORRY ABOUT IT?  Others are doing it, and you can do it too -- most pages will work, some will not because of the code in them.  Try it to see.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
HTML

From novice to tech pro — start learning today.