Trapping a page in a frame?

[smerf]

smerf said the following on 10/23/2006 1:13 AM:

Obviously not as you continue to top-post when asked repeatedly not to.


First, adding any script to check for the parents URL would fail in a
secondary sites pages (it would throw a security error) as it is a
security violation (for the very same reason you can't change the code
in there pages).

Right. I was just tossing out ideas while I read up on Javascript.
Therefore, they could not allow only my (or any other) webite to frame
them while excluding others. This would simply not work.

Second, if a site doesn't want to be framed (or IFramed) then you have
to accept that. If you don't want to include a link, then don't.

If you had read my postings on the forums I pointed you to, you'd see that
is exactly what I am going to do.

The matter (for me) became one of (a) can frame busting pages be included
against thier will (the answer is yes) and (b) why would somebody elect to
use a form of content protection that not only is ineffective, but limits
the audience that may view the page (I still don't know the answer to that
one).

How do you propose to deal with people like me that have IE7 set to open
new links in a new tab?

As you probably know, navigational links (like those on the left hand side
of www.torrentscan.com) are set to open their pages in a content frame to
the right of the list of search links. IE7 does not change this
behavior. Try it out.

(As a side point, IE7's handling of tabs is irritating to me, to say the
least. I can't, for the life of me, find a setting to cause new web
addresses typed into the address bar to open in a new tab. So, I'm still
using Firefox as a primary browser.)

Are you going to try to over ride that choice also?

If you are using my site, you understand what it does and how it does it.
If you didn't want to use a site like mine, you wouldn't be there. And,
if you can;t understand how a site like www.torrentscan.com works...well,
there's not a whole lot I can help you with.

If the site you are making is free, then make it, enjoy it, and let
other sites work the way they work.

I will. It will work fine for sites that don't fool themselves into a
false sense of security by using frame busting code. For those that do,
it will inform the user why it won't work with a particular site and offer
alternative sites to the user. (But you already knew all of that from
reading my posts on the forums -right? So, why ask the question?)

Besides, you are the one tauting some magically simple knowledge of how to
trap frame busting pages in a frame. I think you are full of hot air.
Proof of that will be your refusal to reveal your supposedly simple
method. Of course your excuse will be to save the world from me, but we
both know that's not true.

If you really had the web's best interest at heart, you would expose this
flaw so that Javascript interpreters could be fixed to prevent it.

The way I found to do it is to pass the request for a web page to a web
service that extracts the core (minus head and body tags) of the page,
tweaks the links to relative URLs, eliminate any obvious attempts at
defeating the content capture by removing offending code and returning the
tweaked page code to be included in a DIV tag on the original page. Not
all that difficult really.

There's really NOTHING that can stop this type of content hijacking. But,
who'd want to go to that extreme? Certainly not me. If they want fewer
viewers, who am I to force higher ratings on them?

I actually don't give a tinker's damn to include pages that use frame
busting code. The only reason I looked into it to begin with is that I
wanted my users to be able to view any site they wanted from the search
page. It's called customer service - something most frame buster admins
have a poor grasp of anyway.


--
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/

How's this for botom-posting, Randy?

But, you know, it's the damndest thing...I downloaded Opera 9.02 (their
newest) to try its newsreader and geuss what? It defaults the cursor to
the top of the post for replies - just like EVERY other newsreader. That
begs the question - since top-posting is evidentally immoral - just why
are all of these newsreaders conspiring to place the cursors at the top of
the posts when you click on reply?

Wouldn't it make more sense (if top posting is such a horrible sin) that
modern newsreaders like Opera 9.02 would place the cursor at the bottom of
the post to begin with? Maybe you should let them know of this horrible
sin that they are helping to perpetuate. They have a newsgroup called
opera.general if you have a minute to let them in on this problem.

Thanks again for your input.

 

[Evertjan.]

smerf wrote on 23 okt 2006 in comp.lang.javascript:

If top-posting is so bad, why does Outlook Express default to it?
Most of the posts that I read are top posted. If its so bad,

Outlook is an email client impersonating a news reader.

I wouldn't know how well it does that from own experience,
since for email I am a pegasus mail user since 1995.

However, if it acts like you say, it does a poor job.

I heard rumors outlook's above behavour can be set to to bottomposting,
but that does not improve a thing, since the way to go is sparce
interposting, where you only quote what is necessaty for your answer [to
be understandable for the group], placed immediately under each
question/subject.

This would not always do for email, where you answer only to one.
However on usenet you post to the group, whose members are by netiquette
not required to remember all previous postings, or even, by the quirks of
non centralized news servers, could not even have received the previous
posting [yet].

Why not use a dedicated newsreader instead?

why are most posters that I see doing it?

I do not think relative newcomers like outlook and googlegroups should in
their workings be taken as a standard for usenet that exists from 1979.

[Usenet was conceived by Duke University graduate students Tom Truscott
and Jim Ellis in 1979. Publicly available ww-web service on the Internet
started in 1991.]

That outlook and googlegroups influence a bunch of newcomers, is obvious,
but that should not be confused with good practice.

.. most posters that I see ..

You seem to have a different "point of view".

 

[Evertjan.]

smerf wrote on 23 okt 2006 in comp.lang.javascript:

Posting under the "--" that is defined [on its own line] as "everything
below this is signature" will only be read by pure chance in dedicated
news readers.

However, as you showed, you where not bottomposting but interposting.

Wel done that.

A signature would be welcome, so that we could address you by name.

 

[smerf]

smerf wrote on 23 okt 2006 in comp.lang.javascript:


Outlook is an email client impersonating a news reader.

Microsoft certainly hasn't spent any real time upgrading it. Anyway, it
would compete with their Live Q and A site - which I hate.

Now you have Yahoo and Microsoft and others actaully splitting up the
collective IQ by each one creating it's own version of USENET in the name of
profits. Aren't they nice?

I wouldn't know how well it does that from own experience,
since for email I am a pegasus mail user since 1995.

However, if it acts like you say, it does a poor job.

Opera 9.02 (a brand new browser/email/newsreader and more) also has this as
the default behavior. It's brand new and is constantly updated.

I heard rumors outlook's above behavour can be set to to bottomposting,
but that does not improve a thing, since the way to go is sparce
interposting, where you only quote what is necessaty for your answer [to
be understandable for the group], placed immediately under each
question/subject.

This would not always do for email, where you answer only to one.
However on usenet you post to the group, whose members are by netiquette
not required to remember all previous postings, or even, by the quirks of
non centralized news servers, could not even have received the previous
posting [yet].

That's why we ask questions before posting (or why we should ask questions
if the thread is not clear to us)....to make sure we understand the problem
and do not confuse the thread.

Why not use a dedicated newsreader instead?

Using USENET is not a daily thing for me. I don't see the need for a full
fledged app for something that I do so inconsistently.

why are most posters that I see doing it?

I do not think relative newcomers like outlook and googlegroups should in
their workings be taken as a standard for usenet that exists from 1979.

[Usenet was conceived by Duke University graduate students Tom Truscott
and Jim Ellis in 1979. Publicly available ww-web service on the Internet
started in 1991.]

That outlook and googlegroups influence a bunch of newcomers, is obvious,
but that should not be confused with good practice.

I agree. But things change...and USENET posting is changing because it is
not natural or intuitive to the non-geek crowd that is the majority of
USENET's users.

You seem to have a different "point of view".

That seems to be the norm with me as of late. I tend to lean more towards
what is intuitive and easy for end users...not just because of some arcane
RFCs that (you must admit) fail miserably at keeping up with the changes in
USENET or the internet as a whole.

Thanks for your point of view.

 

[smerf]

smerf wrote on 23 okt 2006 in comp.lang.javascript:

Posting under the "--" that is defined [on its own line] as "everything
below this is signature" will only be read by pure chance in dedicated
news readers.

You probably won't see that again....

However, as you showed, you where not bottomposting but interposting.

Wel done that.
Gee.....thanks!


A signature would be welcome, so that we could address you by name.

See bottom....but don;t get too comfortable with it. I do network
administration for small businesses and may be posting from any PC - not
very practical to install a dedicated newsreader on all those PCs.

 

[Evertjan.]

smerf wrote on 23 okt 2006 in comp.lang.javascript:

"Why is there no mouse flavored cat food?"

The danger of any question is the inner presumption.

There is lots of mouse flavored cat food.

It is called "mice".

 

[ASM]

smerf a écrit :

--Using Opera's revolutionary e-mail client: http://www.opera.com/mail/

How's this for botom-posting, Randy?

But, you know, it's the damndest thing...I downloaded Opera 9.02 (their
newest) to try its newsreader and geuss what? It defaults the cursor to
the top of the post for replies - just like EVERY other newsreader.

Not at all : "e-mail clients" and not "news-reader", don't confuse.
If you use a real news-reader, by default it will not work as you say
and cursor will be set to bottom.

That begs the question - since top-posting is evidentally immoral - just
why are all of these newsreaders conspiring to place the cursors at the
top of the posts when you click on reply?

Because they are *not* news readers ?

Wouldn't it make more sense (if top posting is such a horrible sin) that
modern newsreaders like Opera 9.02

Opera in 1st approach is a "browser"
once more it's e-mail-client is not a news-reader, is it ?

Just tried it (9.00 Build 3264 on Mac OS 10.3.9) :
- not found preferences about composing mail
- help mentions anything about that possibility (answer before/after)
- no short-cuts to help typing (selection and targeted move)

As you use FireFox why won't you use ThunderBird ?
TB is an e-mail client offering news-reader's possibilities
as to place cursor at the bottom of answer, typing in text mode ...

They have a newsgroup
called opera.general

Not found in my "Subscribe NewsGroups" I've subscribed
Subscribe to Opera.news then opera.general
nothing more work with mail in my Opera :-(
(not very important : I don't like opera)

 

[RobG]

smerf wrote:
[...]

If top-posting is so bad, why does Outlook Express default to it?

Outlook Express doesn't write your response, you do. It is logical to
start at the top and work your way down, trimming what is unnecessary or
irrelevant, keeping and replying to what is.

Top posting reverses that logic.

Most of the posts that I read are top posted.

Not in this news group.

If its so bad, why are most posters that I see doing it?

Because they are either lazy or haven't been shown the light - maybe
both.

I guess that I assumed that most people were like me. I don't start in the
middle of a thread. If I am interested in the thread, I read ALL of the
posts, in order.

Then you don't need the body of each and every post in every subsequent
post.

You can't expect to get the whole story otherwise, as
people leave off portions of the conversation as they reply.

If you like starting and the start and working your way through each
post, then trimming replies will not affect your method of reading
newsgroups - it should make it more efficient.

[...]

What if people had to replay the whole conversation each time another person
in the conversation responded? That's what the alternative to top-posting
seems like to me.

Quite the opposite. Top-posting encourages respondents to simply leave
all the previous messages in their reply, whether they have any
relevance to their reply or not.

I post this way to save time.....at least it does for me and I assumed it
did so for everyone else.

So you fit the lazy category and expect everyone else to be lazy too. ;-)

Part of the reason for trimmed quotes is because it means others don't
have to scroll down through other messages to find out what you are
replying to. If you aren't prepared to take the time and effort to make
reading your posts efficient, you can expect people to stop reading and
replying.

Have I assumed too much of humanity yet again - to be able to follow a
conversation without continually re-hashing it over and over again?

More encouragement to not quote at all.


[...]

 

[Dr J R Stockton]

smerf wrote on 23 okt 2006 in comp.lang.javascript:

Posting under the "--" that is defined [on its own line] as "everything
below this is signature" will only be read by pure chance in dedicated
news readers.

In some dedicated newsreaders, perhaps. In this one, the entire body is
perfectly visible (if scrolled); but the under-slung material will be
coloured as sig and by default will be cropped on replying.

Smurf should read the references in my signature. Those who comply with
accepted newsgroup norms are more likely to get helpful replies.

 

[Evertjan.]

Dr J R Stockton wrote on 23 okt 2006 in comp.lang.javascript:

Smurf should read the references in my signature.

Smerf ... ;-} ;-} ;-}

Those who comply with
accepted newsgroup norms are more likely to get helpful replies.

established newsgroup norms?

 

[Randy Webb]

smerf said the following on 10/23/2006 3:14 AM:

If you had read my postings on the forums I pointed you to, you'd see
that is exactly what I am going to do.

There is another alternative. Make your site non-script enabled only.
The reverse of script required. Think about it!

The matter (for me) became one of (a) can frame busting pages be
included against thier will (the answer is yes) and (b) why would
somebody elect to use a form of content protection that not only is
ineffective, but limits the audience that may view the page (I still
don't know the answer to that one).

I don't see how using frame busting code "limits the audience" other
than the audience that uses a site to try to frame others contents. You
may not be trying to steal content but that is precisely what got frame
busting code created to start with.

As you probably know, navigational links (like those on the left hand
side of www.torrentscan.com) are set to open their pages in a content
frame to the right of the list of search links. IE7 does not change
this behavior. Try it out.

My mistake. I have it set to open all popups in a new tab and thought it
did the same with links (I am in the habit of right clicking and open in
new tab).

(As a side point, IE7's handling of tabs is irritating to me, to say the
least. I can't, for the life of me, find a setting to cause new web
addresses typed into the address bar to open in a new tab. So, I'm
still using Firefox as a primary browser.)

You can't, that I know of. If you want it in a new tab the only way is
to open the new tab and then type the address in.

If you are using my site, you understand what it does and how it does
it. If you didn't want to use a site like mine, you wouldn't be there.
And, if you can;t understand how a site like www.torrentscan.com
works...well, there's not a whole lot I can help you with.

I understand how it works and what it is doing. You should see how it
looks for me though. Scrollbars everywhere :\

I will. It will work fine for sites that don't fool themselves into a
false sense of security by using frame busting code. For those that do,
it will inform the user why it won't work with a particular site and
offer alternative sites to the user. (But you already knew all of that
from reading my posts on the forums -right? So, why ask the question?)

I didn't ask a question about it though. I gave you the solution.

Besides, you are the one tauting some magically simple knowledge of how
to trap frame busting pages in a frame. I think you are full of hot
air. Proof of that will be your refusal to reveal your supposedly
simple method. Of course your excuse will be to save the world from me,
but we both know that's not true.

Really? If I give the answer, and it is quite foolproof, will you go away?

<noscript>
...frame code here...
</noscript>
<script type="text/javascript">
document.location.href="whyYouCantUseMySiteWithScriptEnabled.html";
</script>

Now, bust out of my frames!

If you really had the web's best interest at heart, you would expose
this flaw so that Javascript interpreters could be fixed to prevent it.

It is not a flaw in the JS interpreters though.

The way I found to do it is to pass the request for a web page to a web
service that extracts the core (minus head and body tags) of the page,
tweaks the links to relative URLs, eliminate any obvious attempts at
defeating the content capture by removing offending code and returning
the tweaked page code to be included in a DIV tag on the original page.
Not all that difficult really.

Actually, it's not that simple. You would have to make all the links in
the page point to a page on your server that would redirect/intercept
again. And then you have to deal with JS issues that would result. If a
page has JS in it that modifies the body tag, and you stick it in a div
tag, your scheme is out the window.

I actually don't give a tinker's damn to include pages that use frame
busting code.

Then don't. But how do you propose to not include them? Pre-load them
from the server and scan them? That could get interesting if the code is
buried in an external file.

The only reason I looked into it to begin with is that I
wanted my users to be able to view any site they wanted from the search
page. It's called customer service - something most frame buster admins
have a poor grasp of anyway.

Tis true, tis true.

--Using Opera's revolutionary e-mail client: http://www.opera.com/mail/

How's this for botom-posting, Randy?

First, I didn't ask you to bottom post, and you didn't. I asked you not
to top-post. The posting style you used in this post is interleaved posting.

But, you know, it's the damndest thing...I downloaded Opera 9.02 (their
newest) to try its newsreader and geuss what? It defaults the cursor to
the top of the post for replies - just like EVERY other newsreader.
That begs the question - since top-posting is evidentally immoral - just
why are all of these newsreaders conspiring to place the cursors at the
top of the posts when you click on reply?

So that you start at the top of the post, remove what you aren't
replying to, and reply - interleaved - to what you want to reply to.
Just as you did in this post and as I am doing.

Wouldn't it make more sense (if top posting is such a horrible sin) that
modern newsreaders like Opera 9.02 would place the cursor at the bottom
of the post to begin with?

Actually, no. The top is the best place to place the cursor as that is
where you need to start so you can trim.

Maybe you should let them know of this horrible sin that they are helping
to perpetuate. They have a newsgroup called opera.general if you have a
minute to let them in on this problem.

The problem isn't where they place the cursor, it is placed in the best
place. The problem is what the user does with the cursor there.

Thanks again for your input.

Sure thing. And thank you for yours.

BTW, if top posting is so great in a typed medium, why don't they write
books upside down so you can read them backwards?

 

[smerf]

smerf said the following on 10/23/2006 3:14 AM:

There is another alternative. Make your site non-script enabled only. The
reverse of script required. Think about it!

But, that would also stop desired web apps from working, wouldn't it?

I don't see how using frame busting code "limits the audience" other than
the audience that uses a site to try to frame others contents. You may not
be trying to steal content but that is precisely what got frame busting
code created to start with.

I think it limits audiences from link pages. I'll take veiwers from
anywhere.

I understand the need to protect one's content and I agree wholeheartedly
with it. Unfortunately, frame busting is not likely to keep code safe from
any determined content theif. It is more irritant than deterrent.

My mistake. I have it set to open all popups in a new tab and thought it
did the same with links (I am in the habit of right clicking and open in
new tab).


You can't, that I know of. If you want it in a new tab the only way is to
open the new tab and then type the address in.


I understand how it works and what it is doing. You should see how it
looks for me though. Scrollbars everywhere :\

Is that because of your screen resolution?

What if the links were in a drop down menu across the top instead? That's
what I'm planning so that I can further categorize them and leave the screen
width for the framed content.

I didn't ask a question about it though. I gave you the solution.


Really? If I give the answer, and it is quite foolproof, will you go away?

If it works, I most certainly will.

Is whyYouCantUseMySiteWithScriptEnabled.html the same file that holds the
code you posted below?

<noscript>
..frame code here...
</noscript>
<script type="text/javascript">
document.location.href="whyYouCantUseMySiteWithScriptEnabled.html";
</script>

Now, bust out of my frames!


It is not a flaw in the JS interpreters though.

Is it browser specific?

Actually, it's not that simple. You would have to make all the links in
the page point to a page on your server that would redirect/intercept
again. And then you have to deal with JS issues that would result. If a
page has JS in it that modifies the body tag, and you stick it in a div
tag, your scheme is out the window.

I know it will not be simple in the sense that there will be many things I
have to redirect and possibly disable, but the core concept is pretty
straightforward.

Modifying code snippets will also need to be redirected to the DIV instead
of the BODY.

Then don't. But how do you propose to not include them? Pre-load them from
the server and scan them? That could get interesting if the code is buried
in an external file.

I meant not include them in my links. Before adding any pages to the links
section, I would naturally test to see of the author doesn't want to be
framed. If so, I would skip that author's page (not add it to the site
links).

Tis true, tis true.


First, I didn't ask you to bottom post, and you didn't. I asked you not to
top-post. The posting style you used in this post is interleaved posting.

Is interleaved posting acceptable? I do this all the time.

So that you start at the top of the post, remove what you aren't replying
to, and reply - interleaved - to what you want to reply to. Just as you
did in this post and as I am doing.
Done.


Actually, no. The top is the best place to place the cursor as that is
where you need to start so you can trim.


The problem isn't where they place the cursor, it is placed in the best
place. The problem is what the user does with the cursor there.


Sure thing. And thank you for yours.

BTW, if top posting is so great in a typed medium, why don't they write
books upside down so you can read them backwards?

I rather think of this medium as a series of open letters. In writing
letters, I have never been one to liberally quote from the letter to which
I am responding. The author knows what s/he wrote. And, here, what the
author wrote is public record.

I guess I just thought that the people following the thread would be
interested enough to read the messages in order - like the chapters of a
book. You wouldn't expect Chapter 2 to quote liberally from Chapter 1,
would you? The author of Chapter 2 rightly assumes (as did I) that you have
read Chapter 1.

Thanks again for your post!

I'll play with this code tomorrow and let you know what I find.

Smerf
"We're in this mess because the ignorant are ****-sure and the intelligent
are filled with doubt."

 

[Randy Webb]

smerf said the following on 10/24/2006 2:11 AM:

But, that would also stop desired web apps from working, wouldn't it?

Depends on how you look at it and what you call a desired web app
But, yes it would. It would allow you to stop frame busters also.

I think it limits audiences from link pages. I'll take veiwers from
anywhere.

And limit what you show them because of ignorance on the part of a page
author?

I understand the need to protect one's content and I agree wholeheartedly
with it. Unfortunately, frame busting is not likely to keep code safe from
any determined content theif. It is more irritant than deterrent.

Possibly, but it is something to be dealt with.

Is that because of your screen resolution?

Not so much my resolution but my preferred size of my browser window.
The resolution is 1024x768 at the moment but my IE window is only about
500x350 (1/4 of the monitor or so) so it throws scrollbars everywhere.

What if the links were in a drop down menu across the top instead? That's
what I'm planning so that I can further categorize them and leave the screen
width for the framed content.

That would be much better than the left side navigation is. It allows
for easier reading.

If it works, I most certainly will.

Is whyYouCantUseMySiteWithScriptEnabled.html the same file that holds the
code you posted below?

No, its a file that explains why you won't allow the site to work with
scripting enabled (so you can defeat frame busters). It's not a viable
solution but it's fool proof in that you can't use script to frame bust
if script is disabled.

Is it browser specific?

Not at all.

Modifying code snippets will also need to be redirected to the DIV instead
of the BODY.

And if the content is created using document.write or DOM methods you
are even worse off. It's not even as viable as noscript, especially with
the advent of the number of ajax driven sites on the web.

I meant not include them in my links. Before adding any pages to the links
section, I would naturally test to see of the author doesn't want to be
framed. If so, I would skip that author's page (not add it to the site
links).

Sounds like censorship to me

Is interleaved posting acceptable? I do this all the time.

Absolutely!

I rather think of this medium as a series of open letters. In writing
letters, I have never been one to liberally quote from the letter to which
I am responding. The author knows what s/he wrote. And, here, what the
author wrote is public record.

Not necessarily available at the time of reading the post though. And
USENET isn't a one to one medium, as you know.

 

[smerf]

smerf said the following on 10/24/2006 2:11 AM:

Depends on how you look at it and what you call a desired web app But,
yes it would. It would allow you to stop frame busters also.

While it is not what I am trying to do (force pages into frames unaltered),
I can see situations in which it would be useful.

And limit what you show them because of ignorance on the part of a page
author?

Yes. Frame busting pages will kick them out of my page.

Now, if there were a way to show frame busting pages with reduced
functionality (and alert the user to that reduced functionality) without
hitting my server and "tweaking" every page - THAT woudl be something
interesting.

Possibly, but it is something to be dealt with.



No, its a file that explains why you won't allow the site to work with
scripting enabled (so you can defeat frame busters). It's not a viable
solution but it's fool proof in that you can't use script to frame bust if
script is disabled.

So this is not accomplishing what I set out to do - to show an author's page
unaltered (from the surfers point of view) in a frame even though the author
may be using frame busting techniques.

It may show the frame busting page (ONLY if you have javascript disabled in
your browser agent), but it breaks all javascript, disabling all dynamic
pages (which are the majority of pages that people wish to visit). That
means no ajax apps and no dynamic web pages - no MySpace, no YouTube, etc. -
no dynamic javascript pages which are how most dynamic pages work these
days.

I think I'd rather give them full access to non-frame-busting pages than
only static viewing of all pages.

Besides which, most javascript enabled pages (if they are at all
sophisticated) will not even show their core content if javascript is
disabled - so I'd still have to scrape the guts out of the page using my
server option.

Not at all.



And if the content is created using document.write or DOM methods you are
even worse off. It's not even as viable as noscript, especially with the
advent of the number of ajax driven sites on the web.

I don't think this is true. There will need to be a lot of backend work to
convert pages...but it can definitely be done.

Sounds like censorship to me

Self censorship - by the authors no less. Go figure. I never would have
guessed that web authors would object to someone showing their content. You
just have to be smart about it. All of my websites are prtty much image
based.

It takes a little more bandwidth, but it displays the same on every browser
regardless of font settings or browser agent inconsistencies. My sites look
the same in IE or Firefox or Opera or Safari - on MAC, PC or Linux. Its not
508 to be sure, but it keeps the sites looking the way they were designed
and makes content theft even harder as the content itself is image based
(that's right, no text).

It has its down sides I'm sure...but I'm happy enough with the up sides to
stick with it.

Not necessarily available at the time of reading the post though. And
USENET isn't a one to one medium, as you know.

Lucky for ua all, Google keeps all of these threads and messages archived
and available via the free Google Groups web interface. So, if you are
missing articles - Google Group the thread.

Smerf

 

[smerf]

smerf said the following on 10/24/2006 2:51 PM:



That one line says the crux of this entire page. And there is only two
things to do to stop it and JS on the client can't do either one.

Your solution is not viable. You can't expect everyone to turn off
Javascript. It would break far too many great sites just to see a few
paranoid sites. I will not put my users through that.

With the BILLIONS of web pages out there, they can probably find the same
information and abilities on another less paranoid site. In fact, the
paranoid's site has probably been replicated somewhere else on the web
anyway (even with thier frame busting code - and probably because of it).

That I don't believe. Not without a full blown JS parser on the server any
way.

You don't need anything special. On a Windows server, using .Net, you can
use a webbrowser object to get the page and strip the code from the DOM.
(There is a gecko activex control that will allow the same thing - use the
one appropriate for the end user's browser.)

The authors are censoring your site? Surely you jest. You are the one
censoring it.

Hardly. I want to include thier sites remember? That's the ENTIRE reason
for the start of this thread. No...if they want to be on their own by
acting like a cat dropping acid...so be it. I'll happily include their site
of they drop the frame busting code (or add code to their framebusting code
to allow my site to trap their site while kicking out of others). Whether
they are included or not is entirely up to them - not me. Instructions for
inclusion will be posted for any site that kicks out.

Normally, I would agree with that. But I used AOL for a very long time to
access Usenet (I don't use it anymore for Usenet)

AOL dropped USENET. I hate AOL - cheap bastards....charging people for
access and THEN advertising like a spammer on meth to them anyway.

I'd like to give an IQ test to all AOL users. I think the results would be
entertaining - not necc surprising.

but I have waited up to 2 days for a message to appear in Google that HTML
code in it (AOL rendered the HTML so it made it impossible to read code)
that would appear in the AOL Usenet within minutes. Even now, Google
doesn't always get the message anytime soon (I still see lags in my own
messages of up to 4 hours to appear in Google). The only exception is if
you post from Google Groups then it appears instantly.

There is a lag there....but if you are too late to see some of the messages
(as most services keep text messages for 30+ days) they are probably already
there.

 

[smerf]

smerf said the following on 10/26/2006 11:33 PM:


And I have told you already that it is impossible for an outside site to
add code to allow you to identify it, or, for it to identify your frame
set. It can't read the URL of the frameset for the same reason you can't
access the frame code. Its a security violation.

I will leave you with your misconceptions. Although you are technically
right in saying that a page in an iFrame cannot directly access the parent's
URL - you are wrong in suggestion that the URL is not accessible from the
parent.

You are over-thinking this.

This concludes my correspondence with you on this matter.

Good day, sir!

I SAID GOOD DAY!

 

[smerf]

I will leave you with your misconceptions. Although you are technically
right in saying that a page in an iFrame cannot directly access the
parent's URL - you are wrong in suggestion that the URL is not accessible
from the parent.

In fact, the URL can be encoded in such a way as to defeat most (IMHO you
should never say all) attempts at masquerading as my site.

This means that sites that want to opt-in can do so without fear that
another site may masquerade as my site and also display their content.

This beast just may not be dead yet...

 

[Randy Webb]

smerf said the following on 10/24/2006 2:51 PM:

news:[email protected]...

Frame busting pages will kick them out of my page.

That one line says the crux of this entire page. And there is only two
things to do to stop it and JS on the client can't do either one.

I don't think this is true. There will need to be a lot of backend work to
convert pages...but it can definitely be done.

That I don't believe. Not without a full blown JS parser on the server
any way.

Self censorship - by the authors no less.

The authors are censoring your site? Surely you jest. You are the one
censoring it.

Lucky for ua all, Google keeps all of these threads and messages archived
and available via the free Google Groups web interface. So, if you are
missing articles - Google Group the thread.

Normally, I would agree with that. But I used AOL for a very long time
to access Usenet (I don't use it anymore for Usenet) but I have waited
up to 2 days for a message to appear in Google that HTML code in it (AOL
rendered the HTML so it made it impossible to read code) that would
appear in the AOL Usenet within minutes. Even now, Google doesn't always
get the message anytime soon (I still see lags in my own messages of up
to 4 hours to appear in Google). The only exception is if you post from
Google Groups then it appears instantly.

 

[Randy Webb]

smerf said the following on 10/26/2006 11:33 PM:
I started to snip everything in this post that had anything to do with
how to maintain a page in a frame - using client side scripting - when
the page author had script in the page to bust out of frames but then I
realized there wouldn't be anything left in this post.

Your solution is not viable.

Don't confuse viable and acceptable. If your content is important
enough, then it becomes very viable to get people to disable JS to view
your page.

You can't expect everyone to turn off Javascript.

You can't expect everyone to turn it on or even have it available to be
turned on.

It would break far too many great sites just to see a few
paranoid sites. I will not put my users through that.

Yet you want to limit the pages they can see because of your own warped
beliefs about internet security. How intuitive.

With the BILLIONS of web pages out there, they can probably find the same
information and abilities on another less paranoid site. In fact, the
paranoid's site has probably been replicated somewhere else on the web
anyway (even with thier frame busting code - and probably because of it).

And you can find another site such as yours (they are quite abundant)
that doesn't censor out sites based on a simple frame busting script.

You don't need anything special. On a Windows server, using .Net, you can
use a webbrowser object to get the page and strip the code from the DOM.

I still don't believe it. If I have code that manipulates the document
based on parentNode and childNode and comparing them to the structure of
my own document then you will *HAVE* to have an HTML parser and a JS
parser on your server to be able to properly transform it work in your
div tag.

But, just for kicks and giggles, please tell me how you would transform
code that manipulates style sheets using IE's
document.styleSheets[0].rules without a JS/CSS/HTML parser on the
server. Please oh please do post code that can do that!

(There is a gecko activex control that will allow the same thing - use the
one appropriate for the end user's browser.)

What does the end user's browser have to do with what you are going to
do on the server?

Hardly. I want to include thier sites remember? That's the ENTIRE reason
for the start of this thread.

No, the entire reason for this thread was you want to frame a site that
has explicitly attempted to keep you from framing it.

No...if they want to be on their own by acting like a cat dropping acid...so
be it. I'll happily include their site of they drop the frame busting code
(or add code to their framebusting code to allow my site to trap their site
while kicking out of others).

And I have told you already that it is impossible for an outside site to
add code to allow you to identify it, or, for it to identify your frame
set. It can't read the URL of the frameset for the same reason you can't
access the frame code. Its a security violation.

Whether they are included or not is entirely up to them - not me. Instructions
for inclusion will be posted for any site that kicks out.

You are amazing, totally amazing. You want to change the way a site
works and instead of talking to that site you are here complaining about
not being able to change the code from another site.

AOL dropped USENET.

Your mastery of the obvious is overwhelming at times.

I hate AOL - cheap bastards....charging people for access and THEN advertising
like a spammer on meth to them anyway.

I am not getting into a debate with you about AOL and the marketing
practices of AOL. But, needless to say, if you think AOL charges for
"access" then it explains just how much of AOL you actually understand.
And it also displays *your* IQ level as AOL is free to broadband users.
Perhaps you should spend some time reading up on what it is that you
babble about before you babble about it.

I'd like to give an IQ test to all AOL users. I think the results would be
entertaining - not necc surprising.

Considering your own display of IQ level, I doubt you are in a position
to accurately determine the IQ of *anybody* much less an AOL user.

There is a lag there....but if you are too late to see some of the messages
(as most services keep text messages for 30+ days) they are probably already
there.

You went from finding an old message to finding a new message. Please
learn to read, and comprehend what you read, before commenting on what
you attempted to read.