如何防止IFRAME重定向顶层窗口 [英] How to prevent IFRAME from redirecting top-level window

问题描述

有些网站的代码可以爆发 IFRAME 附件，这意味着如果加载了页面 A 作为一个 IFRAME 在父页面内 P 一些Javascript在 A 将外部窗口重定向到 A 。

通常这个Javascript看起来像这样：

 < script type =text / javascript> 
 if（top.location.href！= self.location.href）
 top.location.href = self.location.href; 
< / script> 
  

我的问题是：作为父页面的作者 P 并且不是内部页面的作者 A ，我该如何防止 A 做这个中断-out？

PS在我看来，它应该是一个跨站点安全违规，但它不是。 解决方案

尝试使用onbeforeunload属性，它将让用户选择是否要从页面导航。

示例： https://developer.mozilla.org/en-US/docs/Web/API/Window.onbeforeunload

在HTML5中，您可以使用沙箱属性。请参阅下面的Pankrat的答案。
http://www.html5rocks.com/en/tutorials/安全/ sandboxed-iframes /

Some websites have code to "break out" of IFRAME enclosures, meaning that if a page A is loaded as an IFRAME inside an parent page P some Javascript in A redirects the outer window to A.

Typically this Javascript looks something like this:

<script type="text/javascript">
  if (top.location.href != self.location.href)
     top.location.href = self.location.href;
</script>

My question is: As the author of the parent page P and not being the author of the inner page A, how can I prevent A from doing this break-out?

P.S. It seems to me like it ought to be a cross-site security violation, but it isn't.

解决方案

Try using the onbeforeunload property, which will let the user choose whether he wants to navigate away from the page.

Example: https://developer.mozilla.org/en-US/docs/Web/API/Window.onbeforeunload

In HTML5 you can use sandbox property. Please see Pankrat's answer below. http://www.html5rocks.com/en/tutorials/security/sandboxed-iframes/

这篇关于如何防止IFRAME重定向顶层窗口的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！