TechQA.

Can't seem to bust out of a full page iframe - what are the possible intentions?

153 views Asked by At

While looking at my Adsense report today I noticed a domain in there that isn't ours.

I've been running "example.com" since 1997. Today I noticed a site in our reports and when I went to it, it has our site in a full page iframe. I'm concerned that it will begin to engage in clickjacking, damage our standing with Google, or damage the name we've built in the news world.

The site that is hijacking us is called "exampleblog.com" and it appears to have been registered earlier today, Dec. 2nd, 2013.

I tried the following code to try and bust out of the frame, but it doesn't seem to have any effect. I'm not sure how old the code is. Are there more modern techniques?

Here's what I tried:

if (document.referrer.match(/^https?:\/\/([^\/]+\.)?exampleblog\.com(\/|$)/i)) {
top.location.replace(self.location.href);
}
javascript iframe framebusting
Original Q&A
2

There are 2 answers

0
Ian On BEST ANSWER

Thanks to JD_Toims on another site for this code:

var allowedList = /^(www\.)?(example\.com|site\.com|another-site\.com)$/;
var currentHost = location.hostname;
var allowedHost = currentHost.search(allowedList);

if(top!=self && allowedHost==-1) { top.location.replace(location); }
1
Guffa On

Just check if the top window has the right location, to break out of any iframe:

if (window.top.location != window.location) {
  window.top.location.replace(window.location.href);
}

Related Questions in JAVASCRIPT

Related Questions in IFRAME

Related Questions in FRAMEBUSTING

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json

Trending Questions