Reputation: 2106
I am having some trouble with malicious ads that show interstitials with no close button.
Inspecting the code, I found that DFP uses `<iframe>` tags to load the ads, but as the content of those iframes is loaded using JavaScript (using the iframe's `document.write()`, without a `src` attribute), they get full access to the parent window through `window.top` and `window.top.document`, allowing advertisers to inject code, show malicious ads and even steal data such as user emails and passwords.
In order to prevent this, I'm looking for a way to block DFP ads from accessing the main window. Is it possible?
Upvotes: 0
Views: 915
Reputation: 1757
I think you are using synchronous rendering; try changing it to asynchronous:
https://support.google.com/dfp_premium/answer/183282?hl=en
Upvotes: 0
Reputation: 11553
Consider using SafeFrames rather than the Friendly Iframes you appear to be using. Quoting from DFP's help page on the subject:
We recommend using SafeFrames and creatives compatible with SafeFrame for expansion instead of friendly iframes. SafeFrame is supported in DFP and enabled by default when using GPT tags. It enables transparent and rich interactions between page content and ads, while preventing external access to sensitive data and providing more granular control over which creatives are rendered
Upvotes: 1
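The friendly-iframe versus SafeFrame distinction discussed above, as an added example that is not part of the original posts: a small audit that reports which iframes on a page share the page's origin (and can therefore reach `window.top.document`) and which are isolated, plus the GPT call that forces SafeFrame rendering. `classifyFrame`, `auditAdFrames`, `forceSafeFrames` and the `.example` origins are hypothetical names for illustration; `setForceSafeFrame` is GPT's own API.

```javascript
// Added example. Verdict for one iframe: can script inside it reach window.top's DOM?
function classifyFrame(frame, pageOrigin) {
  const sandbox = frame.getAttribute('sandbox'); // null when the attribute is absent
  // A sandbox without allow-same-origin forces an opaque origin on the frame.
  if (sandbox !== null && !sandbox.split(/\s+/).includes('allow-same-origin')) {
    return 'isolated';
  }
  const src = frame.getAttribute('src');
  // No src (filled via document.write), about:, javascript: and srcdoc frames
  // inherit the embedding page's origin: these are "friendly" iframes.
  if (frame.getAttribute('srcdoc') !== null || !src || /^(about|javascript):/i.test(src)) {
    return 'friendly';
  }
  let origin;
  try {
    origin = new URL(src, pageOrigin).origin;
  } catch (e) {
    return 'unknown';
  }
  return origin === pageOrigin ? 'friendly' : 'isolated';
}

// In a browser: auditAdFrames(document.querySelectorAll('iframe'), location.origin)
function auditAdFrames(frames, pageOrigin) {
  return Array.from(frames, (f) => ({
    id: f.getAttribute('id'),
    verdict: classifyFrame(f, pageOrigin),
  }));
}

// Publisher-side setting: have GPT render every slot in a cross-origin SafeFrame.
function forceSafeFrames(gpt) {
  gpt.cmd.push(() => gpt.pubads().setForceSafeFrame(true));
}

// Constructed stand-ins for iframe elements so the audit also runs outside a browser.
const el = (attrs) => ({ getAttribute: (n) => (n in attrs ? attrs[n] : null) });
const SAMPLE_FRAMES = [
  el({ id: 'slot-friendly' }), // no src: content written with document.write()
  el({ id: 'slot-safeframe', src: 'https://safeframe.example/container.html' }),
  el({ id: 'slot-sandboxed', srcdoc: '<p>ad</p>', sandbox: 'allow-scripts' }),
  el({ id: 'slot-weak-sandbox', sandbox: 'allow-scripts allow-same-origin' }),
];

function sampleReport() {
  return auditAdFrames(SAMPLE_FRAMES, 'https://publisher.example');
}
```

Any slot reported as `friendly` is one whose creative runs with the page's own origin; the last sample shows that a `sandbox` attribute carrying both `allow-scripts` and `allow-same-origin` does not isolate same-origin content.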