How can I check which site has an embedded javascript icon?

Question

How can I check which site has an embedded javascript icon?

I want to allow users to insert icons on my personal site or blogs with a javascript snippet. The badge is configured on our site based on their profile information, which is "approved" at some point.

Is there a better way to check which website the javascript is embedded in and if it doesn't match the website in their "approved" profile, nothing is displayed. If it matches html injection etc.

thank

+1

javascript embedding badge

Cawlin 02 dec. '08 at 22:43

source to share

2 answers

You can check the top url using:

var topUrl = top.location.href;

0

Pim jager 02 dec. '08 at 23:00

source to share

Már Örlygsson · Accepted Answer · 2008-12-05T00:07:04+0000

Two methods immediately come to mind:

Configure your server to record the "Referer" header of all javascript requests and even check it against a list of approved urls and return an error code ( 403 Forbidden

looks like a winner).

Ask Javascript to "call home" - tell where it is - like this:

var etCallHome = new Image();
etCallHome = "http://yoursite.com/logger?url="+document.location.href;

You can also combine both approaches for luck. :-)

How can I check which site has an embedded javascript icon?

More articles: