Talk:Framekiller
 | This article has not yet been rated on Wikipedia's content assessment scale. |
 | On 25 May 2010, Framekiller was linked from Slashdot, a high-traffic website. (Traffic) All prior and subsequent edits to the article are noted in its revision history. |
Example[edit]
An example WP plugin of a framekiller, eg for Digg bar, is this suitable to add here ? 91.108.171.169 (talk) 03:03, 11 April 2009 (UTC)
A php example to block digg bar from working [1] —Preceding unsigned comment added by 68.76.86.215 (talk) 18:25, 11 April 2009 (UTC)
Some browsers support the X-FRAME-OPTIONS header, which has a similar effect, but doesn't require JavaScript. Wehe (talk) 10:38, 21 January 2010 (UTC)wehe
A link to this page from related article is: http://noscript.net/faq#clearclick —Preceding unsigned comment added by 80.38.112.183 (talk) 11:45, 6 August 2010 (UTC)
- Yeah, somebody added a
{{refimprove}}tag, I replaced it by a reference to the NoScript-FAQ. –82.113.106.31 (talk) 21:48, 5 April 2011 (UTC)
Example script[edit]
The example script might be a bit too long, on my pages I use a one-liner:
<body onload="if (parent.location != location) parent.location=location">
–82.113.106.31 (talk) 21:40, 5 April 2011 (UTC)
This code doesn't do the job. Read about 204 flushing, location clobbering and using the parent object. It's all described in the referenced paper "Busting frame busting". — Preceding unsigned comment added by 155.56.68.217 (talk) 12:34, 21 October 2011 (UTC)
Iframe-less framer and the killer[edit]
All well and good. But there's a way that frames without iframes. Its a validation nightmare but a possible alternative. Its used by sites like blogadda[.]com
www.blogadda.com/showblog?url=[YOUR_URL]
The site used a div to display your page, !doctype html head and all tags included. Even your scripts and css.
standard frame-bursting with top.location = self.location like code is useless!
However, they (have to?) use an id for the container and frame s.
Just realized, all I needed to do was set frameid{display:none} in my css!
Works fine when it comes to the look of the page, but the url remains theirs.
Any better way I can overcome that kind of an attack?Sarindam7 21:30, 10 June 2011 (UTC)
This looks like a different kind of "attack". Like u said, no frames are involved and no clickjacking takes place. Thus no framebusting code is required. They are "just" stealing your blog's content. — Preceding unsigned comment added by 155.56.68.217 (talk) 12:38, 21 October 2011 (UTC)
Dated Content[edit]
Most of this article's content was made obsolete a long time ago by the HTML 5 sandbox attribute. It needs to be updated or re-written from a more comprehensive point of view. Miqrogroove (talk) 05:12, 3 November 2012 (UTC)