Is it possible to disable JavaScript inside an iframe?
I'm trying to load a page into an iframe, but since that page has a function to automatically redirect outside of any frame, I need to disable JavaScript.
Or some workaround would be helpful.
I've seen this request before and I don't think it's possible, at least nobody has provided a solution.
Look at it this way. If you have the right to display that content in your iframe, you either have the power to remove the code that does that yourself, or to direct the person who owns the content to do so. If that's the case, a selective modification of the code vis-à-vis its effect when the top page is from your domain can be arranged. Or it could be removed altogether.
Otherwise, it would be a violation of the rights of the content holder, and therefore prohibited under the terms of use of this forum.
In any case, if you have no control over the code on the external page, there is nothing we can help you with in this matter and, incidentally, no way to do it with javascript.
- John________________________
Show Additional Thanks: International Rescue Committee - Donate or: The Ocean Conservancy - Donate or: PayPal - Donate
I already contacted the Group of that website, but they say if they remove that JS for me others may misuse it. And they say there is no way to authenticate if I am using the site inside the frame or some external 3rd party. Is there a way that we can send a password to that from my site so that it will run in an iframe only from my site?
No password should be required. It depends upon the code that they use. If it only looks to the parent window, they are correct. However, if it looks to the top window, it may be configured to exclude your domain. Either top or parent would be as effective for their basic purposes of frame busting unless they already have nested content in iframes on the page in question. Though even that might still work out.
How about a link to the page on their site, so I can see how it is set up, and what kind of frame busting script they are using?
However, if they are simply unwilling to change their code, even if it wouldn't create any opportunity for abuse, well, you'd still be stuck.
- John________________________
The redirection script does not need to be removed. There is an environment variable called referer which allows you to determine the website that called or loaded your site, and you can authenticate it and allow or reject.
There are environment variables present that any web server language can use to block or allow sites; I am not even talking about passwords here.
Referrer is unreliable. The user could have come from anywhere, and the referrer may not always reflect what you might expect it to. The bottom line is that the best javascript method is what I outlined, allowing the particular domain.
But, whatever method is used, as I said:
if they are simply unwilling to change their code, even if it wouldn't create any opportunity for abuse, well, you'd still be stuck.
- John________________________
Thanks for all the inputs...the website I am trying to frame is http://haquality.convergys.com/
OK, they have no nested iframes, so this should be easy. What they are currently using:
Code:
<script language="JavaScript"><!--
if (parent != self) top.location.replace(self.location.href);
//--></script>
Which should be:
Code:
<script type="text/javascript">
<!--
if (parent != self) top.location.replace(self.location.href);
// -->
</script>
Could be (untested, but it's the basic idea):
Code:
<script type="text/javascript">
<!--
if (parent != self && !/^http:\/\/((www\.)|())yourdomain\.com/.test(top.location.href)) top.location.replace(self.location.href);
// -->
</script>
which requires (if I've written it correctly) the top page (if different than their own) to have http://www.yourdomain.com or http://yourdomain.com at the beginning of its address. Pretty fool proof.
In fact, if they had a list of allowed domains, that could be configured as well, using an array of the allowed domains.
Last edited by jscheuer1; 12-17-2008 at 04:54 PM. Reason: add info
- John________________________
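As an added example (not code from the thread or from the site discussed), the allowed-domain check and the array of allowed domains suggested above can be written so that the whole hostname is compared rather than the start of the address. `ALLOWED_FRAMERS` and the function names are hypothetical, yourdomain.com is the thread's placeholder, and `location.ancestorOrigins` is used only where the browser provides it.

```javascript
// Added example, not code from the thread. Names are hypothetical;
// yourdomain.com is the thread's placeholder domain.
const ALLOWED_FRAMERS = ["yourdomain.com", "www.yourdomain.com"];

// The test from the post above: the address only has to START with an allowed name.
const PREFIX_TEST = /^http:\/\/((www\.)|())yourdomain\.com/;

// Stricter test: parse the address and compare the whole hostname.
function isAllowedFramer(address, allowed = ALLOWED_FRAMERS) {
  let url;
  try {
    url = new URL(address);
  } catch (e) {
    return false; // not a parsable address
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return false;
  return allowed.includes(url.hostname.toLowerCase());
}

// Address or origin of the top page, or null when the browser will not reveal it.
function topAddress(win) {
  const origins = win.location.ancestorOrigins; // parent first, top last; not in every browser
  if (origins && origins.length > 0) return origins[origins.length - 1];
  try {
    return win.top.location.href; // throws when top is on another origin
  } catch (e) {
    return null;
  }
}

// win is the window (or a stand-in object with self, parent, top and location).
function shouldBustFrame(win, allowed = ALLOWED_FRAMERS) {
  if (win.parent === win.self) return false; // not framed at all
  const address = topAddress(win);
  // An unreadable top address is treated like a framer that is not on the list.
  return address === null || !isAllowedFramer(address, allowed);
}

// In the framed page itself:
if (typeof window !== "undefined" && shouldBustFrame(window)) {
  window.top.location.replace(window.self.location.href);
}
```

With the constructed address `http://yourdomain.com.example.net/page`, `PREFIX_TEST` matches while `isAllowedFramer` rejects it, because the hostname is a different site that merely begins with the allowed name.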