Bypass iFrame buster script

Question

I'm developing a chrome extension and I want to bypass iFrame detection (ie buster) scripts.

I'm able to bypass this detection:

if (top !== self) {
   //break out
}

with injecting this code on top:

window.self = window.top;

But what if I have something like this:

if (window != top) {
   //break out
}

How can I redefine window ?

Answer 1

You can't redefine the window and top properties of the global object

window is essentially a reference to the window property of the global window object (window.window). This property is defined as non-configurable and non-rewritable. You can verify this by executing Object.getOwnPropertyDescriptor(window, "window") in the console. The configurable: false and writable: false attributes mean that any attempts to modify it will fail (either with a false return value or with an error in strict mode). This behavior of the window property is required by the specification of the Window object.

The top property of a window is non-configurable and non-rewritable as well, so you won't be able to overwrite that either. (parent and self, on the other hand, can be overwritten.)

You seem to be trying to find a universaly usable way of fooling framebusters. This seems like an impossible task to me. You might be able to somehow intercept <script> elements and remove the iframe detection from the code before it gets executed, but even if you succeed in doing so for some framebusters, there will always be other ones that your extension will not take care of.