如何防止 IFRAME 重定向顶级窗口 [英] How to prevent IFRAME from redirecting top-level window

问题描述

有些网站有代码可以突破"IFRAME 外壳，这意味着如果页面 A 作为 IFRAME 加载到父页面 P A 中的一些 Javascript 将外部窗口重定向到 A.

Some websites have code to "break out" of IFRAME enclosures, meaning that if a page A is loaded as an IFRAME inside an parent page P some Javascript in A redirects the outer window to A.

通常这个 Javascript 看起来像这样:

Typically this Javascript looks something like this:

<script type="text/javascript">
  if (top.location.href != self.location.href)
     top.location.href = self.location.href;
</script>

我的问题是:作为父页面P的作者而不是内页A的作者，我怎样才能防止A代码>从做这个突破?

My question is: As the author of the parent page P and not being the author of the inner page A, how can I prevent A from doing this break-out?

附言在我看来，这应该是跨站点安全违规，但事实并非如此.

P.S. It seems to me like it ought to be a cross-site security violation, but it isn't.

推荐答案

尝试使用 onbeforeunload 属性，它会让用户选择是否要离开页面.

Try using the onbeforeunload property, which will let the user choose whether he wants to navigate away from the page.

示例:https://developer.mozilla.org/en-US/docs/Web/API/Window.onbeforeunload

在 HTML5 中，您可以使用沙箱属性.请参阅下面的 Pankrat 的回答.http://www.html5rocks.com/en/tutorials/security/sandboxed-iframes/

In HTML5 you can use sandbox property. Please see Pankrat's answer below. http://www.html5rocks.com/en/tutorials/security/sandboxed-iframes/

这篇关于如何防止 IFRAME 重定向顶级窗口的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！