
Iframe security pass

rares_dumitrescu
To check if someone shows your website in an iframe, you use:

if (top.location != location) top.location.href = location.href;

Is this check breakable?

CERTIFIED EXPERT
Expert of the Year 2008
Top Expert 2008

Commented:
>>Is this check breakable ?
Yes. If I disable javascript on my browser, I can embed your page in an iframe and view your page from within an iframe.

However, as long as javascript is enabled, it will force the page in the iframe to be loaded/viewable directly in the browser.

Author

Commented:
Without disabling javascript?
CERTIFIED EXPERT
Expert of the Year 2008
Top Expert 2008

Commented:
Like I said:
"However, as long as javascript is enabled, it will force the page in the iframe to be loaded/viewable directly in the browser."

Author

Commented:
If I am the one who uses the iframe, can I trick it? I mean, if I want to keep the page in the iframe.
CERTIFIED EXPERT
Expert of the Year 2008
Top Expert 2008
Commented:
>>I mean if i want to keep the page in iframe
OK, I see. No, you cannot. You do not have access to the javascript on the iframe page. The browser doesn't even know what the page in the iframe WILL send. As the page in the iframe is loading, the browser eventually sees the javascript code above and executes it as soon as it sees it.
"if (top.location != location) top.location.href = location.href;"

is primarily used by major commercial sites with lots of embedded code, and the reason is, their pages are so complex that they cannot render correctly if stuffed into an Iframe on another page.  On very complex pages it matters -- on most other pages, it does not matter.  There are probably MILLIONS of smaller websites adding content from other sites into IFrames.  WHY WORRY ABOUT IT?  Others are doing it, and you can do it too -- most pages will work, some will not because of the code in them.  Try it to see.
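
Added example, not part of the original thread: the first answer notes that the script check stops working when JavaScript is disabled, so a site owner can audit whether each response also carries the standard `X-Frame-Options` or CSP `frame-ancestors` header, which the browser enforces without running page script. The function names and sample responses are constructed for illustration, and one CSP policy per response is assumed.

```javascript
// Added example (not from the thread). Sample headers below are constructed.
// Assumes one Content-Security-Policy value per response.

// Return the lower-cased source list of frame-ancestors, or null if absent.
function frameAncestors(csp) {
  for (const directive of String(csp || '').split(';')) {
    const [name, ...sources] = directive.trim().toLowerCase().split(/\s+/);
    if (name === 'frame-ancestors') return sources;
  }
  return null;
}

// Classify how the browser itself will treat framing of this response.
function framingPolicy(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  const sources = frameAncestors(h['content-security-policy']);
  if (sources !== null) {
    // frame-ancestors supersedes X-Frame-Options when both are present.
    if (sources.length === 0 || sources.join(' ') === "'none'") return 'deny';
    if (sources.join(' ') === "'self'") return 'same-origin';
    return sources.includes('*') ? 'unprotected' : 'allow-list';
  }
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return 'deny';
  if (xfo === 'SAMEORIGIN') return 'same-origin';
  // Anything else, including the obsolete ALLOW-FROM, is flagged for review.
  return 'unprotected';
}

// List the paths whose only framing defence would be in-page script.
function scriptOnlyPages(responses) {
  return responses
    .filter((r) => framingPolicy(r.headers) === 'unprotected')
    .map((r) => r.path);
}

// Constructed sample responses.
const SAMPLE = [
  { path: '/login', headers: { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'" } },
  { path: '/account', headers: { 'X-Frame-Options': 'sameorigin' } },
  { path: '/legacy', headers: { 'X-Frame-Options': 'ALLOW-FROM https://partner.example' } },
  { path: '/home', headers: { 'Content-Type': 'text/html' } },
];

console.log(scriptOnlyPages(SAMPLE));
```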
