Selective break Javascript

Question

Selective break Javascript

At some point in the past month, a random website decided to frame my company site. Ignoring the question "what are they doing?" for a minute i was using simple Javascript:

<script type="text/javascript">
if (top.location != location) {
    top.location.href = document.location.href ;
}
</script>

This part works great. The problem is that not all frames are bad: if someone visits the site through ow.ly , we don't want to destroy its frames. I've tried to do a few things, either whitelist owlly or blacklist the offending site, but I can't seem to bypass the cross- top.location

security long enough to search top.location

. Can I only block some frames based on the URL?

To clarify, I understand that I am unlikely to win a framework-breaking arms race. I'm fine with that. I am trying to create a whitelist of sites that are allowed to display our site in a frame.

+2

javascript frames

ojrac 17 Sep 09 at 19:17

source to share

1 answer

Ateş Göral · Accepted Answer · 2009-09-17T19:28:37+0000

Use some help from your backend. You can check the referrer HTTP header and then enable your frame traffic accordingly.

Selective break Javascript

More articles: