Overriding location.replace in FireFox

I am trying to override location.replace  = function() {...} and it works for IE, but FF ignores this override.

In general i am trying to prevent location.replace to happen in an iframe to avoid iframe-breaking behavior.
location.replace = new Function("return false");

Open in new window

ppashinAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Michel PlungjanIT ExpertCommented:
Can you tell us a good reason to break a frame breaking script, please? If your reason is good enough, perhaps we can help you anyway.
If not I see this as you needing our help in forcing people's websites to STAY inside your site even though they EXPLICITLY do not want that? Sounds like a copyright infringement right there...

I am actually amazed it even works in IE since you override another site's behaviour. It should be registered as a security violation at Microsoft.


0
ppashinAuthor Commented:
i am building an online browser
*** site removed as requested ***

Open in new window

0
Michel PlungjanIT ExpertCommented:
location.replace is window specific - are you telling me that IE will allow you to override the top.location.replace and that will stop iframes from breaking out of frames?
And what do you do with
<a href="bla.html" target="_top">Break out of frames</a>

and what do you do with

window.open(url,"_top")

and what do you do with

window.open(url,"_blank")
which will open in a new tab ?

I get a "Firefox prevented this url from asking you to install software"
Is that from the replace thing?
0
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

ppashinAuthor Commented:
Yes, we have a FF and IE plugins that prevent <a href="bla.html" target="_top">Break out of frames</a>

by modifying contents of the site. I wasn't aware of other methods and will need a work around for them as well
0
Michel PlungjanIT ExpertCommented:
So have the plugin (or a server proxy?) detect and remove the .replace too
0
ppashinAuthor Commented:
by plugin i mean FF extension and IE BHO. no proxies as we can get access to the document using pluggins.

Can you give me a code sample for FF extension on how would i remove .replace.
0
Michel PlungjanIT ExpertCommented:
No. Sorry. Never made any extensions.
If you can modify the html on the fly, just add
<script>
location.replace=function() {return ""}
</script>

IN the page you are loading

0
ppashinAuthor Commented:
I've tried replacing location.replace with another function but it still retains its original in firefox. Do you know of a method to retrieve scripts from a page, including those that are taken from another src, and modify its contents?
0
Michel PlungjanIT ExpertCommented:
If you override location.replace anywhere on page page, it will not work regardless from where the call to location.replace is coming from.
0
Michel PlungjanIT ExpertCommented:
So location.replace is read only in FF
try

document.body.parentNode.innerHTML=document.body.parentNode.innerHTML.replace(/top.location.replace/g,'self.location.replace;')

in a script on the page
0
ppashinAuthor Commented:
That works well unless the script is from an external source. How can I replace those scripts as well?
0
Michel PlungjanIT ExpertCommented:
Dunno. I would use a proxy for all - no need for further extensions or IE scripts
0
ppashinAuthor Commented:
External source meaning <script src=/js/iframe_breaking_script.js ></script>
0
Michel PlungjanIT ExpertCommented:
Yes, I know. And I do not know how to fix that unless you proxy everything:

<script src=http://www.yourserver.com/proxy?url=http://theirserver.com/js/iframe_breaking_script.js ></script>


0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Michel PlungjanIT ExpertCommented:
Answers given, confidential info can be removed if necessary
0
ppashinAuthor Commented:
I was looking for an answer concerning no proxies. If i were to use a proxy, i wouldn't post this question.

I insist that you remove this conversation from the web.
0
Michel PlungjanIT ExpertCommented:
Exactly.

I tried my best to help you with suggestions and workarounds.

The ultimate answer is:
1. location.replace is read-only in firefox - that is the answer to the original question
2. location.replace is only one of MANY ways to break out of frames
3. If site owners want not to be framed, you should respect that - if you get permission, you can proxy your way out of most of the frame breakers.

My answers and time is freely given, but just because you do not like the answers does not mean you have to shoot the messenger.

There is enough information for you in this question to award an "A" grade and pose a new question about how to write a plugin.

Thanks

Michel
PS: I have removed or deleted all references to the site you are building.
0
ppashinAuthor Commented:
So if i close the questions, will you remove this conversation from the web?
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
JavaScript

From novice to tech pro — start learning today.