CODEWITHSUNDEEP
javascripthtmliframe
Chris R.
Chris R.

Reputation: 699

Can you beat a frame breaker?

I haven't been able to find much of an answer yet, so I'm just going to ask.

How difficult would it be to stop a frame breaker from working - or even just ignore it?

Upvotes: 4

Views: 4834

Answers (2)

Filipe Pablo
Filipe Pablo

Reputation: 61

This is the solution to your problem, I hope it helped!

<iframe src="URL" sandbox="allow-scripts" width="100%" height="100%" scroll="yes" frameborder="0"></iframe>

Upvotes: 6

Lance Roberts
Lance Roberts

Reputation: 22842

As per Jeff's question:

As it turns out, your frame-busting code can be busted, as shown here:

<script type="text/javascript">
    var prevent_bust = 0  
    window.onbeforeunload = function() { prevent_bust++ }  
    setInterval(function() {  
      if (prevent_bust > 0) {  
        prevent_bust -= 2  
        window.top.location = 'http://server-which-responds-with-204.com'  
      }  
    }, 1)  
</script>

This code does the following:

  • increments a counter every time the browser attempts to navigate away from the current page, via the window.onbeforeonload event handler
  • sets up a timer that fires every millisecond via setInterval(), and if it sees the counter incremented, changes the current location to a server of the attacker's control
  • that server serves up a page with HTTP status code 204, which does not cause the browser to navigate anywhere

Upvotes: 6

Related Questions