Reputation:
javascript on twitter to prevent embedding the html page
This is the javascript that you can find in www.twitter.com (just click to see the source code) I have just reformatted it for clarity:
if (window.top !== window.self) {
document.write = "";
window.top.location = window.self.location;
setTimeout(function() {
document.body.innerHTML = '';
}, 1);
window.self.onload = function(evt) {
document.body.innerHTML = '';
};
}
now I understand this trick is to prevent other sites to wrap twitter in other iframes. but what I want to ask is do we really need all of this code ? what's the need of setting a function to execute in 1 millisecond, one to execute at 'onload' and one now.
is that paranoia or is it really worth ?
Many THanks in advance Reg
Upvotes: 3
Views: 170
Answers (1)
Reputation: 360762
Most browsers will only open one or two connections to the server while the page is loading, which means the redirect has to sit in the queue while the original copy of the page loads. You may have noticed that the "current" page in the browser remains interactive/useable when you click on a link, until the new page actually starts downloading. The timeout/onload stuff kills the content of the page, theoretically aborting any of the in-progress transfers and bumping the redirect to the top of the list. And also prevents the page from being used within the frame/iframe, until the framebuster code has finished.
Upvotes: 2
Related Questions
- How to safely allow embed content?
- Unable to embed tweet into HTML
- Don't execute javascript inside html tag
- Embed Twitter Feed without Javascript
- How to share twitter even when pop-up is blocked using javascript in website
- How to prevent access to web app that is intended for embedding?
- Allow users to embed tweets using only URL
- Preventing user from inserting *
- OAuth Javascript: twitter, security through obscurity? Have a better approach?
- Twitter Box Embed?