Home » Javascript » Blocking aggressive coin miner in iframe

Blocking aggressive coin miner in iframe

Posted by: admin November 1, 2017 Leave a comment

Questions:

Thing is, how to inject code into foreign iframe which spawns a lot of workers and starts mining coins with all my CPU?

My basic idea was something like

for (var iframe of document.querySelectorAll('iframe')) {
    console.log("Removing Worker from ", iframe);
    iframe.window.eval("window.Worker = undefined;");   
}

Well, it does not work. Looks like iframes which are not from same origin are protected from WRITE access from parent frame.

URL blocking is not a way to go, page will detect it.

What to do now ?

Answers:

You cannot inject code into an iframe for security reasons. If you could, websites could post to stackoverflow without your permission by loading the page to post a question and selecting the submit button and using .click(). The only way to stop an iframe from loading a bitcoin miner is to not load the iframe.