Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: Disable JavaScript inside an iframe

  1. #1
    Join Date
    Apr 2007
    Posts
    23
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Default Disable JavaScript inside an iframe

    is it possible to disable JavaScript inside an iframe ?

    I'm trying to load a page into an iframe, but since that page has a function to automatically redirect outside of any frame, I need to disable JavaScript.

    Or some work around would be helpful.

  2. #2
    Join Date
    Oct 2008
    Location
    Sweden
    Posts
    2,023
    Thanks
    17
    Thanked 319 Times in 318 Posts
    Blog Entries
    3

    Default

    I've seen this request before and I don't think it's possible, at least nobody has provided a solution.

  3. #3
    Join Date
    Apr 2007
    Posts
    23
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Default

    Quote Originally Posted by Snookerman View Post
    I've seen this request before and I don't think it's possible, at least nobody has provided a solution.
    Is there some kind of a anti script that kill scripts ??

  4. #4
    Join Date
    Mar 2005
    Location
    SE PA USA
    Posts
    30,495
    Thanks
    82
    Thanked 3,449 Times in 3,410 Posts
    Blog Entries
    12

    Default

    Look at it this way. If you have the right to display that content in your iframe, you either have the power to remove the code that does that yourself, or to direct the person who owns the content to do so. If that's the case, a selective modification of the code visa vis its effect when the top page is from your domain can be arranged. Or it could be removed altogether.

    Otherwise, it would be a violation of the rights of the content holder, and therefore prohibited under the terms of use of this forum.

    In any case, if you have no control over the code on the external page, there is nothing we can help you with in this matter and, incidentally, no way to do it with javascript.
    - John
    ________________________

    Show Additional Thanks: International Rescue Committee - Donate or: The Ocean Conservancy - Donate or: PayPal - Donate

  5. #5
    Join Date
    Apr 2007
    Posts
    23
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Default

    Quote Originally Posted by jscheuer1 View Post
    Look at it this way. If you have the right to display that content in your iframe, you either have the power to remove the code that does that yourself, or to direct the person who owns the content to do so. If that's the case, a selective modification of the code visa vis its effect when the top page is from your domain can be arranged. Or it could be removed altogether.

    Otherwise, it would be a violation of the rights of the content holder, and therefore prohibited under the terms of use of this forum.

    In any case, if you have no control over the code on the external page, there is nothing we can help you with in this matter and, incidentally, no way to do it with javascript.
    I already contacted the Group of that website..but they say if they remove that JS for me others may misuse it... And they say there is no way to authenticate if I am using the site in side the frame or some external 3rd party...Is there way that we can send a password to that from my site so that it will run in iframe only from my site. ??

  6. #6
    Join Date
    Mar 2005
    Location
    SE PA USA
    Posts
    30,495
    Thanks
    82
    Thanked 3,449 Times in 3,410 Posts
    Blog Entries
    12

    Default

    No password should be required. It depends upon the code that they use. If it only looks to the parent window, they are correct. However, if it looks to the top window, it may be configured to exclude your domain. Either top or parent would be as effective for their basic purposes of frame busting unless they already have nested content in iframes on the page in question. Though even that might still work out.

    How about a link to the page on their site, so I can see how it is setup, and what kind of frame busting script they are using?

    However, if they are simply unwilling to change their code, even if it wouldn't create any opportunity for abuse, well, you'd still be stuck.
    - John
    ________________________

    Show Additional Thanks: International Rescue Committee - Donate or: The Ocean Conservancy - Donate or: PayPal - Donate

  7. #7
    Join Date
    Dec 2008
    Location
    Nigeria
    Posts
    95
    Thanks
    3
    Thanked 8 Times in 8 Posts

    Default

    Quote Originally Posted by laserdude View Post
    I already contacted the Group of that website..but they say if they remove that JS for me others may misuse it... And they say there is no way to authenticate if I am using the site in side the frame or some external 3rd party...Is there way that we can send a password to that from my site so that it will run in iframe only from my site. ??
    The redirection script does not need to be removed. There is an environment variable called referer which allows you to determine the website that called or loaded your site, and u can authenticate it and allow or reject.....
    there are environment variables present that any web server language can use to block or allow sites, i am not even talking about passwords here....

  8. #8
    Join Date
    Mar 2005
    Location
    SE PA USA
    Posts
    30,495
    Thanks
    82
    Thanked 3,449 Times in 3,410 Posts
    Blog Entries
    12

    Default

    Referrer is unreliable. The user could have come from anywhere, and the referrer may not always reflect what you might expect it to. The bottom line is that the best javascript method is what I outlined, allowing the particular domain.

    But, whatever method is used, as I said:

    if they are simply unwilling to change their code, even if it wouldn't create any opportunity for abuse, well, you'd still be stuck.
    - John
    ________________________

    Show Additional Thanks: International Rescue Committee - Donate or: The Ocean Conservancy - Donate or: PayPal - Donate

  9. #9
    Join Date
    Apr 2007
    Posts
    23
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Default

    Quote Originally Posted by jscheuer1 View Post
    Referrer is unreliable. The user could have come from anywhere, and the referrer may not always reflect what you might expect it to. The bottom line is that the best javascript method is what I outlined, allowing the particular domain.

    But, whatever method is used, as I said:

    Thanks for all the inputs...the website I am trying to frame is http://haquality.convergys.com/

  10. #10
    Join Date
    Mar 2005
    Location
    SE PA USA
    Posts
    30,495
    Thanks
    82
    Thanked 3,449 Times in 3,410 Posts
    Blog Entries
    12

    Default

    OK, they have no nested iframes, so this should be easy. What they are currently using:

    Code:
    <script language="JavaScript"><!--
    if (parent != self) top.location.replace(self.location.href);
    
    //--></script>
    Which should be:

    Code:
    <script type="text/javascript">
    <!-- 
    if (parent != self) top.location.replace(self.location.href);
    // -->
    </script>
    Could be (untested, but it's the basic idea):

    Code:
    <script type="text/javascript">
    <!-- 
    if (parent != self  && !/^http:\/\/((www\.)|())yourdomain\.com/.test(top.location.href)) top.location.replace(self.location.href);
    // -->
    </script>
    which requires (if I've written it correctly) the top page (if different than their own) to have http://www.yourdomain.com or http://yourdomain.com at the beginning of its address. Pretty fool proof.

    In fact, if they had a list of allowed domains, that could be configured as well, using an array of the allowed domains.
    Last edited by jscheuer1; 12-17-2008 at 04:54 PM. Reason: add info
    - John
    ________________________

    Show Additional Thanks: International Rescue Committee - Donate or: The Ocean Conservancy - Donate or: PayPal - Donate

  11. The Following User Says Thank You to jscheuer1 For This Useful Post:

    laserdude (12-23-2008)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •