如何防止IFRAME重定向顶层窗口 [英] How to prevent IFRAME from redirecting top-level window
问题描述
有些网站的代码可以爆发 IFRAME
附件,这意味着如果加载了页面 A
作为一个 IFRAME
在父页面内 P
一些Javascript在 A
将外部窗口重定向到 A
。
通常这个Javascript看起来像这样:
< script type =text / javascript>
if(top.location.href!= self.location.href)
top.location.href = self.location.href;
< / script>
我的问题是:作为父页面的作者 P
并且不是内部页面的作者 A
,我该如何防止 A
做这个中断-out?
PS在我看来,它应该是一个跨站点安全违规,但它不是。 解决方案
尝试使用onbeforeunload属性,它将让用户选择是否要从页面导航。
示例: https://developer.mozilla.org/en-US/docs/Web/API/Window.onbeforeunload
在HTML5中,您可以使用沙箱属性。请参阅下面的Pankrat的答案。
http://www.html5rocks.com/en/tutorials/安全/ sandboxed-iframes /
Some websites have code to "break out" of IFRAME
enclosures, meaning that if a page A
is loaded as an IFRAME
inside an parent page P
some Javascript in A
redirects the outer window to A
.
Typically this Javascript looks something like this:
<script type="text/javascript">
if (top.location.href != self.location.href)
top.location.href = self.location.href;
</script>
My question is: As the author of the parent page P
and not being the author of the inner page A
, how can I prevent A
from doing this break-out?
P.S. It seems to me like it ought to be a cross-site security violation, but it isn't.
Try using the onbeforeunload property, which will let the user choose whether he wants to navigate away from the page.
Example: https://developer.mozilla.org/en-US/docs/Web/API/Window.onbeforeunload
In HTML5 you can use sandbox property. Please see Pankrat's answer below. http://www.html5rocks.com/en/tutorials/security/sandboxed-iframes/
这篇关于如何防止IFRAME重定向顶层窗口的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!