Detect which IFrame is trying to change the top level document href/URL?

Discussion in 'Javascript' started by Robert Oschler, Aug 26, 2003.

  1. I have a comparison web page that has several iframes that contain documents
    from external domain web sites. Some of the web sites are "trusted". If
    they want to change the top level document location (document.location.href)
    via Javascript or using "_TOP" as the target for a SUBMIT operation, etc.,
    then I want to allow it. The other web sites I want to block if they try to
    do that. I would do the blocking in the top level document onunload() event
    handler.

    Is there a way to know _which_ IFrame is trying to change the top level
    document URL. I know I can't do anything to examine the contents of an
    external domain sourced IFrame, due to browser security issues, but I was
    hoping there might be something from an event handler standpointthat would
    allow me tp grab the ID or NAME attribute of an IFrame, that triggers a top
    level document location change. Note: I mean the ID or NAME attribute that
    I assigned to the IFrame Node element that resides in _my_ document's, the
    top level document, domain space.

    Any ideas?

    thx

    --

    Robert Oschler
    "Let the web hear you, add your voice to your web site in minutes!"
    -- http://audiodirect.spiderchase.com/
    (For a limited time, free voiceover with every sign-up, use this link
    instead)
    -- http://audio.spiderchase.com/
    (A song - are you blue?)
    -- http://bluedreams.spiderchase.com/
     
    Robert Oschler, Aug 26, 2003
    #1
    1. Advertising

  2. Robert Oschler

    Fred Basset Guest

    I'm sorry that I can't be more helpful, but all I can be pretty certain
    of is that you can't prevent the unloading of a page. Imagine the hassle
    that annoying ad-pages could cause if they could prevent the unload of
    the page whenever they wanted ... unfortunately you may need another
    solution?

    Fred Basset


    *** Sent via Developersdex http://www.developersdex.com ***
    Don't just participate in USENET...get rewarded for it!
     
    Fred Basset, Aug 26, 2003
    #2
    1. Advertising

  3. "Fred Basset" <> wrote in message
    news:3f4b167a$1$62079$...
    > I'm sorry that I can't be more helpful, but all I can be pretty certain
    > of is that you can't prevent the unloading of a page. Imagine the hassle
    > that annoying ad-pages could cause if they could prevent the unload of
    > the page whenever they wanted ... unfortunately you may need another
    > solution?
    >
    > Fred Basset
    >
    >
    > *** Sent via Developersdex http://www.developersdex.com ***
    > Don't just participate in USENET...get rewarded for it!


    Fred,

    Perhaps I misunderstand you but I've been very successful preventing the
    unload of a page with:

    // Between head tags.
    <SCRIPT>
    var gCurrentURL = document.location.href;
    </SCRIPT>

    // Function called by BODY onunload() event.
    function onBodyUnload()
    {
    // This prevents the URL change by resetting the document
    // document.location.href property to the current URL.
    // This is where I would put the logic, if I knew how, to prevent the
    URL
    // change if an "untrusted" IFrame tried to change the top level URL.
    document.location.href = gCurrentURL;
    }

    thx
    --

    Robert Oschler
    "Let the web hear you, add your voice to your web site in minutes!"
    -- http://audiodirect.spiderchase.com/
    (For a limited time, free voiceover with every sign-up, use this link
    instead)
    -- http://audio.spiderchase.com/
    (A song - are you blue?)
    -- http://bluedreams.spiderchase.com/
     
    Robert Oschler, Aug 26, 2003
    #3
  4. Robert Oschler

    Fred Basset Guest

    My apologies!! I'm not having a good morning today obviously.

    Just tried your code, and it works exactly as you say. I could've sworn
    I've tried to do exactly that same thing previously and not been able to
    ... I'll just go tuck into my humble pie :)

    Fred Basset


    *** Sent via Developersdex http://www.developersdex.com ***
    Don't just participate in USENET...get rewarded for it!
     
    Fred Basset, Aug 26, 2003
    #4
  5. Robert Oschler

    Csaba2000 Guest

    Some thoughts (none tested):

    In your code below, doesn't it do a refresh the way
    that you have it? If so, couldn't you rather cancel the
    event to avoid the refresh?

    Also, since you are setting document.location.href to
    something, my thought is what is that value that is
    then in there? Is it already the hopeful new document's
    href? If so, and if the number of trusted sites is
    "reasonably finite" (after all, to trust a site you should
    know it, right?) then you could cancel the event or
    use your technique if the purported destination is
    one of the trusted domains

    Lotta ifs...

    Good luck,
    Csaba Gabor

    "Robert Oschler" <no_replies@fake_email_address.invalid> wrote in message
    news:ltG2b.18548$...
    > "Fred Basset" <> wrote in message
    > news:3f4b167a$1$62079$...
    > > I'm sorry that I can't be more helpful, but all I can be pretty certain
    > > of is that you can't prevent the unloading of a page. Imagine the hassle
    > > that annoying ad-pages could cause if they could prevent the unload of
    > > the page whenever they wanted ... unfortunately you may need another
    > > solution?
    > >
    > > Fred Basset
    > >
    > >
    > > *** Sent via Developersdex http://www.developersdex.com ***
    > > Don't just participate in USENET...get rewarded for it!

    >
    > Fred,
    >
    > Perhaps I misunderstand you but I've been very successful preventing the
    > unload of a page with:
    >
    > // Between head tags.
    > <SCRIPT>
    > var gCurrentURL = document.location.href;
    > </SCRIPT>
    >
    > // Function called by BODY onunload() event.
    > function onBodyUnload()
    > {
    > // This prevents the URL change by resetting the document
    > // document.location.href property to the current URL.
    > // This is where I would put the logic, if I knew how, to prevent the
    > URL
    > // change if an "untrusted" IFrame tried to change the top level URL.
    > document.location.href = gCurrentURL;
    > }
    >
    > thx
    > --
    >
    > Robert Oschler
    > "Let the web hear you, add your voice to your web site in minutes!"
    > -- http://audiodirect.spiderchase.com/
    > (For a limited time, free voiceover with every sign-up, use this link
    > instead)
    > -- http://audio.spiderchase.com/
    > (A song - are you blue?)
    > -- http://bluedreams.spiderchase.com/
    >
    >
     
    Csaba2000, Aug 26, 2003
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. pabbu
    Replies:
    8
    Views:
    770
    Marc Boyer
    Nov 7, 2005
  2. Ray

    Invalid at the top level of the document

    Ray, May 6, 2005, in forum: ASP .Net Web Services
    Replies:
    0
    Views:
    960
  3. Soren Vejrum
    Replies:
    4
    Views:
    762
    Lasse Reichstein Nielsen
    Jul 5, 2003
  4. Replies:
    2
    Views:
    628
  5. John L.
    Replies:
    6
    Views:
    965
    Thomas 'PointedEars' Lahn
    Sep 4, 2011
Loading...

Share This Page