Home » Php » php – Stop Anyone From Viewing My Site Using an IFrame

php – Stop Anyone From Viewing My Site Using an IFrame

Posted by: admin July 12, 2020 Leave a comment

Questions:

I have looked and tried but don’t see where I can stop some being able to browse my site through an IFrame or Thickbox?

I want to stop banned members from accessing the site through proxy sites that give the end user the ability to browse through a IFrame. I know nothing may be full proof but it’s still worth the question.

How to&Answers:

Check out SO’s own Jeff Atwood’s comments about this problem…

Coding Horror – We Done Been … Framed!

What it boils down to is that there is no RELIABLE way to do this. You can try a frame breakout, but malicious coders will always be able to add a little more code and get around any “protection” you might add.

Answer:

Ah, but here is the response to Jeff Atwoods blog post. (the anti-anti frame breakout) it is possible.

Go figure, it was a question on Stackoverflow as well. Posted by guess who? The answer is similar to the link I posted:

if(top != self) {
 top.onbeforeunload = function() {};
 top.location.replace(self.location.href);
}

Answer:

altCognito is right, you want to bust a frame breakout.

Below is the source code from the post altCognito sent you.

<script type="text/javascript">
if (top.location != self.location)
top.location = self.location;
</script> 

However, I think you might even want to go further with it. You may want to have a series of checks looking for not only the top but also parent and window.

<script type="text/javascript">

var self = self.location;
var top = top.location;
var parent = parent.location;
var window = window.location;

if (top != self || parent != self || window != self  )
window = self;
</script> 

Answer:

<script>
   var isInIframe = (window.location != window.parent.location) ? true : false;

  if(isInIframe) 
  {
    alert("Window is in iframe");
    //Do what you want
    //top.location.href=self.location;
  }
  else 
  {
    alert("Window is not in iframe");
  }
</script>

Answer:

you can try this simple js in your header file

if (window.top !== window.self) window.top.location.replace(window.self.location.href);