[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Overriding location.replace in FireFox

Posted on 2008-11-19
21
Medium Priority
?
1,523 Views
Last Modified: 2012-05-05
I am trying to override location.replace  = function() {...} and it works for IE, but FF ignores this override.

In general i am trying to prevent location.replace to happen in an iframe to avoid iframe-breaking behavior.
location.replace = new Function("return false");

Open in new window

0
Comment
Question by:ppashin
  • 10
  • 8
18 Comments
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 23002258
Can you tell us a good reason to break a frame breaking script, please? If your reason is good enough, perhaps we can help you anyway.
If not I see this as you needing our help in forcing people's websites to STAY inside your site even though they EXPLICITLY do not want that? Sounds like a copyright infringement right there...

I am actually amazed it even works in IE since you override another site's behaviour. It should be registered as a security violation at Microsoft.


0
 

Author Comment

by:ppashin
ID: 23004073
i am building an online browser
*** site removed as requested ***

Open in new window

0
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 23004153
location.replace is window specific - are you telling me that IE will allow you to override the top.location.replace and that will stop iframes from breaking out of frames?
And what do you do with
<a href="bla.html" target="_top">Break out of frames</a>

and what do you do with

window.open(url,"_top")

and what do you do with

window.open(url,"_blank")
which will open in a new tab ?

I get a "Firefox prevented this url from asking you to install software"
Is that from the replace thing?
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:ppashin
ID: 23004182
Yes, we have a FF and IE plugins that prevent <a href="bla.html" target="_top">Break out of frames</a>

by modifying contents of the site. I wasn't aware of other methods and will need a work around for them as well
0
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 23004207
So have the plugin (or a server proxy?) detect and remove the .replace too
0
 

Author Comment

by:ppashin
ID: 23004248
by plugin i mean FF extension and IE BHO. no proxies as we can get access to the document using pluggins.

Can you give me a code sample for FF extension on how would i remove .replace.
0
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 23004321
No. Sorry. Never made any extensions.
If you can modify the html on the fly, just add
<script>
location.replace=function() {return ""}
</script>

IN the page you are loading

0
 

Author Comment

by:ppashin
ID: 23004576
I've tried replacing location.replace with another function but it still retains its original in firefox. Do you know of a method to retrieve scripts from a page, including those that are taken from another src, and modify its contents?
0
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 23004665
If you override location.replace anywhere on page page, it will not work regardless from where the call to location.replace is coming from.
0
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 23004854
So location.replace is read only in FF
try

document.body.parentNode.innerHTML=document.body.parentNode.innerHTML.replace(/top.location.replace/g,'self.location.replace;')

in a script on the page
0
 

Author Comment

by:ppashin
ID: 23006509
That works well unless the script is from an external source. How can I replace those scripts as well?
0
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 23007521
Dunno. I would use a proxy for all - no need for further extensions or IE scripts
0
 

Author Comment

by:ppashin
ID: 23007710
External source meaning <script src=/js/iframe_breaking_script.js ></script>
0
 
LVL 75

Accepted Solution

by:
Michel Plungjan earned 1500 total points
ID: 23011194
Yes, I know. And I do not know how to fix that unless you proxy everything:

<script src=http://www.yourserver.com/proxy?url=http://theirserver.com/js/iframe_breaking_script.js ></script>


0
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 23146998
Answers given, confidential info can be removed if necessary
0
 

Author Comment

by:ppashin
ID: 23149208
I was looking for an answer concerning no proxies. If i were to use a proxy, i wouldn't post this question.

I insist that you remove this conversation from the web.
0
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 23155728
Exactly.

I tried my best to help you with suggestions and workarounds.

The ultimate answer is:
1. location.replace is read-only in firefox - that is the answer to the original question
2. location.replace is only one of MANY ways to break out of frames
3. If site owners want not to be framed, you should respect that - if you get permission, you can proxy your way out of most of the frame breakers.

My answers and time is freely given, but just because you do not like the answers does not mean you have to shoot the messenger.

There is enough information for you in this question to award an "A" grade and pose a new question about how to write a plugin.

Thanks

Michel
PS: I have removed or deleted all references to the site you are building.
0
 

Author Comment

by:ppashin
ID: 23164243
So if i close the questions, will you remove this conversation from the web?
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates how to create a simple responsive confirmation dialog with Ok and Cancel buttons using HTML, CSS, jQuery and Promises
Originally, this post was published on Monitis Blog, you can check it here . In business circles, we sometimes hear that today is the “age of the customer.” And so it is. Thanks to the enormous advances over the past few years in consumer techno…
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…
Suggested Courses

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question