I have a question about writing a frame-buster-buster. I have already read Frame Buster Buster ... buster code needed but I need an extra tweak.
My content from my blog at [http://my_domain.c0m/blog] is being displayed at another site showing three "views". One view is a feed and doesn't particulary bother me. The other two bother me and I wish to break both. I also want to permit exceptions of domains with permission to frame.
In one view, it appears the the content from the top of my html of the top of my blog is first copied to create a "snapshot" [http://the_other_domain.c0m/copy_of_blog] then that copy is framed in [http://the_other_domain.c0m/ ]. So, in this case, the 'child' copy are both hosted at [http://the_other_domain.c0m/] . Google translate does a similar thing-- but I find this ok. So, I would like to break this frame while also permitting exceptions for google and also for people who have made a copy to their pcs and would like to view in a utility that might frame.
In the other view, it appears the content from my site is framed. So in this case [http://my_domain.c0m/blog_post] is framed by [http://the_other_domain.c0m/]. I would like to bust out of this frame. However, my difficulty is that I can't figure out how to do so while keeping the exceptions for google translate or individual pc users frames at home.
My solution so far (I am not particularly familiar with javascript. So, please don't laugh too hard at the redundancy and lack of knowledge):
I was able to bust the first frame using:
<SCRIPT type="text/javascript" >
var topWindow = String(top.location)
var topWord=topWindow.split("/")
var selfWindow = String(self.location)
var selfWord=topWindow.split("/")
var correctLocation ="http://my_domain.c0m/blog"
var correctWord2="my_domain.c0m"
var http="http:"
if( ( (topWord[2] != correctWord2) || (selfWord[2] != correctWord2) )
&& (topWord[2] != 'translate.googleusercontent.com' ) && (topWord[0] == http ) ){
document.write("message expressing my opinion about the asshattery going in here.]" )
setTimeout("redirect_after_pause()",8000)
}else{
//document.write("<p><font color='purple'>Hi there! Javascript is working.</font> </p> " )
}
function redirect_after_pause() {
var correctLocation ="http://my_domain.c0m/blog"
top.location=correctLocation
}
I know this is inefficient. But it works and achieves my goal of making an exception for a) translations at googlecontent which my readers in france requested and b) cases where a user is framing in a utility that downloads to their pc (which I think has uri's beginning with "FILE:".
Now the difficulty: This does not work for the view where content hosted at my domain is framed at the other domain. I believe I have tracked the problem down to var topWindow = String(top.location) not being permitted in my child window. In principle, this would work:
<script type="text/javascript">
if(top != self) top.location.replace(location);
However, I think it screws up the use of google translate which uses a top frame that holds their translation of my content also hosted at [http://translate.google.com]. I suspect it similarly screws up readers that might display a local copy on someones pc if that copy is displayed in a frame.
If someone can guide me toward a solution I can implement to break both frames while permitting my exception
BTW: It does appear that the site in question is using a framebuster. I poked around and found this inside their /static/common.js?1345250291 code:
enable_iframe_buster_buster:function(){var a=this,b=0;window.onbeforeunload=function(){b++};clearInterval(this.locks.iframe_buster_buster);this.locks.iframe_buster_buster=setInterval(function(){0<b&&(b-=2,a.flags.iframe_story_locations_fetched&&!a.flags.iframe_view_not_busting&&_.contains(["page","story"],a.story_view)&&NEWSBLUR.reader.active_feed&&($(".NB-feed-frame").attr("src",""),window.top.location="/reader/buster",$(".task_view_feed").click()))},1)},disable_iframe_buster_buster:function(){clearInterval(this.locks.iframe_buster_buster)}
That's deep inside some particulary dense javascript. Whatever it does it doesn't seem to affect my ability to bust the frame for the case where my content is copied and hosted at [http://the_other_domain.c0m/]. I haven't yet fully explored whether it busts simple framebusters because earlier I only recently recognized that " var topWindow = String(top.location) " was forbidden in the child frame with a different domain from the parent frame.
Whether or not the frame-buster is present, I'd like help with solutions here. I know that if one site is now framing my content in this way it is only a matter of time before the obnoxious technique catches on and I would like to code in solutions that bust both methods gracefully while providing myself with exceptions. Thanks in advance.