1

If anyone knows, I would like to make it so no one can put my iWeb site in an iframe? How do I make my pages automatically break out of iframes?

raam86
  • 6,283
  • 1
  • 25
  • 45
AaronH
  • 47
  • 3
  • 9

2 Answers2

2

This answer applies to this question as well:

This code will work if it is placed in the HTML that is referenced inside an iframe. The way it works is it looks at top (the page you requested that includes an iframe) and self the page inside the iframe. If there are different then it changes the top.location to match the URL of the iframe.

Here is some ASCII to help understand this

|----[OuterPage.html]------|
|                          |
|    |--[InnerPage.html]-| |
|    |                   | |
|    | top !== self      | |
|    |                   | |
|    |-------------------| |
|                          |
| top === self             |
|                          |
|--------------------------|

If you request InnerPage.html by itself (not in an iframe) then top === self will evaluate to true, however if you request the same page inside an iframe then the same condition will evaluate as false.

Community
  • 1
  • 1
Jason Sperske
  • 27,420
  • 8
  • 63
  • 116
1

There is also a http header X-Frame-Origin as specified here, that you can put into the server response, which will block the browser from rendering the iframe at all, if set to SAMEORIGIN.

However it's a browser dependant solution (as in the browser will have to support the header to respect its value), but nicer than JS trickery IMO.

Psytronic
  • 5,887
  • 5
  • 35
  • 54
  • What if you combine both solutions - is there any benefit to using both over using just the javascript solution? – John Dvorak Jul 05 '13 at 19:13
  • No reason you couldn't do both, the JS would fire for any browsers that don't respect header. It's still not 100% successful though (Someone could be on an unsupporting browser, with JS disabled), but that's such an edge-case I would say it's not really worth worrying about. – Psytronic Jul 05 '13 at 20:37