Selective break Javascript
At some point in the past month, a random website decided to frame my company site. Ignoring the question "what are they doing?" for a minute i was using simple Javascript:
<script type="text/javascript">
if (top.location != location) {
top.location.href = document.location.href ;
}
</script>
This part works great. The problem is that not all frames are bad: if someone visits the site through ow.ly , we don't want to destroy its frames. I've tried to do a few things, either whitelist owlly or blacklist the offending site, but I can't seem to bypass the cross- top.location
security long enough to search top.location
. Can I only block some frames based on the URL?
To clarify, I understand that I am unlikely to win a framework-breaking arms race. I'm fine with that. I am trying to create a whitelist of sites that are allowed to display our site in a frame.
source to share