When someone clicks a link in an iframe, navigate the entire window

Question

This seems to be the opposite of a common question, which implies that maybe I'm missing something obvious.

I have a little app that displays some other page (from a different domain) inside an iframe, with my header on top. So far, so good. But when someone clicks a link on that inner page, it just navigates the iframe - I want it to navigate the entire page instead (including, and especially, updating the URL in the URL bar).

This is basically the opposite of clickjacking. I just want the navigation to work as if it weren't an iframe. Is there an easy way?

Answer 1

The content in the iframe can modify the link's target: use _parent or _top.

<a href='#aboutus' target='_parent'>About Us</a>

Answer 2

This violates the same-domain origin policy if you don't control both the site inside and outside the iframe.

Imagine you put a user's bank inside the iframe. If you could register event handlers for things inside the frame (from outside), you could record the user's bank account number, watch the things they click for advertising purposes, misdirect them when they go to take certain actions you don't like... And the frame would show up as being a secured connection to their bank!

If it's your site inside the frame, it's possible, via handing the state through the server, or with the new(ish) HTML5 Web Messaging standard, or by manipulating parent.window from inside the frame.

Answer 3

If the contents of the <iframe> are in a different domain you can't do it due to security reasons.
If you have access to the other domain and html code you could do something like this on the link:

href="javascript:parent.window.location.href='http:/google.com'