Overriding location.replace in FireFox

I am trying to override location.replace  = function() {...} and it works for IE, but FF ignores this override.

In general i am trying to prevent location.replace to happen in an iframe to avoid iframe-breaking behavior.
location.replace = new Function("return false");

Open in new window

ppashinAsked:
Who is Participating?
 
Michel PlungjanConnect With a Mentor IT ExpertCommented:
Yes, I know. And I do not know how to fix that unless you proxy everything:

<script src=http://www.yourserver.com/proxy?url=http://theirserver.com/js/iframe_breaking_script.js ></script>


0
 
Michel PlungjanIT ExpertCommented:
Can you tell us a good reason to break a frame breaking script, please? If your reason is good enough, perhaps we can help you anyway.
If not I see this as you needing our help in forcing people's websites to STAY inside your site even though they EXPLICITLY do not want that? Sounds like a copyright infringement right there...

I am actually amazed it even works in IE since you override another site's behaviour. It should be registered as a security violation at Microsoft.


0
 
ppashinAuthor Commented:
i am building an online browser
*** site removed as requested ***

Open in new window

0
Cloud Class® Course: Certified Penetration Testing

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

 
Michel PlungjanIT ExpertCommented:
location.replace is window specific - are you telling me that IE will allow you to override the top.location.replace and that will stop iframes from breaking out of frames?
And what do you do with
<a href="bla.html" target="_top">Break out of frames</a>

and what do you do with

window.open(url,"_top")

and what do you do with

window.open(url,"_blank")
which will open in a new tab ?

I get a "Firefox prevented this url from asking you to install software"
Is that from the replace thing?
0
 
ppashinAuthor Commented:
Yes, we have a FF and IE plugins that prevent <a href="bla.html" target="_top">Break out of frames</a>

by modifying contents of the site. I wasn't aware of other methods and will need a work around for them as well
0
 
Michel PlungjanIT ExpertCommented:
So have the plugin (or a server proxy?) detect and remove the .replace too
0
 
ppashinAuthor Commented:
by plugin i mean FF extension and IE BHO. no proxies as we can get access to the document using pluggins.

Can you give me a code sample for FF extension on how would i remove .replace.
0
 
Michel PlungjanIT ExpertCommented:
No. Sorry. Never made any extensions.
If you can modify the html on the fly, just add
<script>
location.replace=function() {return ""}
</script>

IN the page you are loading

0
 
ppashinAuthor Commented:
I've tried replacing location.replace with another function but it still retains its original in firefox. Do you know of a method to retrieve scripts from a page, including those that are taken from another src, and modify its contents?
0
 
Michel PlungjanIT ExpertCommented:
If you override location.replace anywhere on page page, it will not work regardless from where the call to location.replace is coming from.
0
 
Michel PlungjanIT ExpertCommented:
So location.replace is read only in FF
try

document.body.parentNode.innerHTML=document.body.parentNode.innerHTML.replace(/top.location.replace/g,'self.location.replace;')

in a script on the page
0
 
ppashinAuthor Commented:
That works well unless the script is from an external source. How can I replace those scripts as well?
0
 
Michel PlungjanIT ExpertCommented:
Dunno. I would use a proxy for all - no need for further extensions or IE scripts
0
 
ppashinAuthor Commented:
External source meaning <script src=/js/iframe_breaking_script.js ></script>
0
 
Michel PlungjanIT ExpertCommented:
Answers given, confidential info can be removed if necessary
0
 
ppashinAuthor Commented:
I was looking for an answer concerning no proxies. If i were to use a proxy, i wouldn't post this question.

I insist that you remove this conversation from the web.
0
 
Michel PlungjanIT ExpertCommented:
Exactly.

I tried my best to help you with suggestions and workarounds.

The ultimate answer is:
1. location.replace is read-only in firefox - that is the answer to the original question
2. location.replace is only one of MANY ways to break out of frames
3. If site owners want not to be framed, you should respect that - if you get permission, you can proxy your way out of most of the frame breakers.

My answers and time is freely given, but just because you do not like the answers does not mean you have to shoot the messenger.

There is enough information for you in this question to award an "A" grade and pose a new question about how to write a plugin.

Thanks

Michel
PS: I have removed or deleted all references to the site you are building.
0
 
ppashinAuthor Commented:
So if i close the questions, will you remove this conversation from the web?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.