Talk:Framekiller

Latest comment: 12 years ago by Miqrogroove in topic Dated Content

Example

edit

An example WP plugin of a framekiller, eg for Digg bar, is this suitable to add here ? 91.108.171.169 (talk) 03:03, 11 April 2009 (UTC)Reply


A php example to block digg bar from working [1] —Preceding unsigned comment added by 68.76.86.215 (talk) 18:25, 11 April 2009 (UTC)Reply

Some browsers support the X-FRAME-OPTIONS header, which has a similar effect, but doesn't require JavaScript. Wehe (talk) 10:38, 21 January 2010 (UTC)weheReply

A link to this page from related article is: http://noscript.net/faq#clearclick —Preceding unsigned comment added by 80.38.112.183 (talk) 11:45, 6 August 2010 (UTC)Reply

Yeah, somebody added a {{refimprove}} tag, I replaced it by a reference to the NoScript-FAQ. –82.113.106.31 (talk) 21:48, 5 April 2011 (UTC)Reply

Example script

edit

The example script might be a bit too long, on my pages I use a one-liner:

<body onload="if (parent.location != location) parent.location=location">

82.113.106.31 (talk) 21:40, 5 April 2011 (UTC)Reply

This code doesn't do the job. Read about 204 flushing, location clobbering and using the parent object. It's all described in the referenced paper "Busting frame busting". — Preceding unsigned comment added by 155.56.68.217 (talk) 12:34, 21 October 2011 (UTC)Reply

Iframe-less framer and the killer

edit

All well and good. But there's a way that frames without iframes. Its a validation nightmare but a possible alternative. Its used by sites like blogadda[.]com

www.blogadda.com/showblog?url=[YOUR_URL]

The site used a div to display your page, !doctype html head and all tags included. Even your scripts and css.

standard frame-bursting with top.location = self.location like code is useless!

However, they (have to?) use an id for the container and frame s.

Just realized, all I needed to do was set frameid{display:none} in my css!

Works fine when it comes to the look of the page, but the url remains theirs.

Any better way I can overcome that kind of an attack?Sarindam7 21:30, 10 June 2011 (UTC)

This looks like a different kind of "attack". Like u said, no frames are involved and no clickjacking takes place. Thus no framebusting code is required. They are "just" stealing your blog's content. — Preceding unsigned comment added by 155.56.68.217 (talk) 12:38, 21 October 2011 (UTC)Reply

Dated Content

edit

Most of this article's content was made obsolete a long time ago by the HTML 5 sandbox attribute. It needs to be updated or re-written from a more comprehensive point of view. Miqrogroove (talk) 05:12, 3 November 2012 (UTC)Reply