Detect which IFrame is trying to change the top level document href/URL?

[Robert Oschler]

I have a comparison web page that has several iframes that contain documents
from external domain web sites. Some of the web sites are "trusted". If
they want to change the top level document location (document.location.href)
via Javascript or using "_TOP" as the target for a SUBMIT operation, etc.,
then I want to allow it. The other web sites I want to block if they try to
do that. I would do the blocking in the top level document onunload() event
handler.

Is there a way to know _which_ IFrame is trying to change the top level
document URL. I know I can't do anything to examine the contents of an
external domain sourced IFrame, due to browser security issues, but I was
hoping there might be something from an event handler standpointthat would
allow me tp grab the ID or NAME attribute of an IFrame, that triggers a top
level document location change. Note: I mean the ID or NAME attribute that
I assigned to the IFrame Node element that resides in _my_ document's, the
top level document, domain space.

Any ideas?

thx

--

Robert Oschler
"Let the web hear you, add your voice to your web site in minutes!"
-- http://audiodirect.spiderchase.com/
(For a limited time, free voiceover with every sign-up, use this link
instead)
-- http://audio.spiderchase.com/
(A song - are you blue?)
-- http://bluedreams.spiderchase.com/

 

[Fred Basset]

I'm sorry that I can't be more helpful, but all I can be pretty certain
of is that you can't prevent the unloading of a page. Imagine the hassle
that annoying ad-pages could cause if they could prevent the unload of
the page whenever they wanted ... unfortunately you may need another
solution?

Fred Basset
(e-mail address removed)

 

[Robert Oschler]

I'm sorry that I can't be more helpful, but all I can be pretty certain
of is that you can't prevent the unloading of a page. Imagine the hassle
that annoying ad-pages could cause if they could prevent the unload of
the page whenever they wanted ... unfortunately you may need another
solution?

Fred Basset
(e-mail address removed)

Fred,

Perhaps I misunderstand you but I've been very successful preventing the
unload of a page with:

// Between head tags.
<SCRIPT>
var gCurrentURL = document.location.href;
</SCRIPT>

// Function called by BODY onunload() event.
function onBodyUnload()
{
// This prevents the URL change by resetting the document
// document.location.href property to the current URL.
// This is where I would put the logic, if I knew how, to prevent the
URL
// change if an "untrusted" IFrame tried to change the top level URL.
document.location.href = gCurrentURL;
}

thx
--

Robert Oschler
"Let the web hear you, add your voice to your web site in minutes!"
-- http://audiodirect.spiderchase.com/
(For a limited time, free voiceover with every sign-up, use this link
instead)
-- http://audio.spiderchase.com/
(A song - are you blue?)
-- http://bluedreams.spiderchase.com/

 

[Fred Basset]

My apologies!! I'm not having a good morning today obviously.

Just tried your code, and it works exactly as you say. I could've sworn
I've tried to do exactly that same thing previously and not been able to
... I'll just go tuck into my humble pie

Fred Basset
(e-mail address removed)

 

[Csaba2000]

Some thoughts (none tested):

In your code below, doesn't it do a refresh the way
that you have it? If so, couldn't you rather cancel the
event to avoid the refresh?

Also, since you are setting document.location.href to
something, my thought is what is that value that is
then in there? Is it already the hopeful new document's
href? If so, and if the number of trusted sites is
"reasonably finite" (after all, to trust a site you should
know it, right?) then you could cancel the event or
use your technique if the purported destination is
one of the trusted domains

Lotta ifs...

Good luck,
Csaba Gabor