Want to understand iframe breakout code

Posted 2019-07-20 03:17

Question:

With this script code (below) placed in between the head tags, I am told that this will not allow the page to load in an iframe.

If this is correct, is there anything that needs to be replaced with my custom URL or similar in this code (e.g., top.location should be top.myurl)?

Or do you leave it as it is, and just paste it in the head of the page? I'm trying to understand how this works.

if (top.location != self.location) {
  top.location = self.location.href;
}

Answer 1:

This code will work if it is placed in the HTML that is referenced inside an iframe. The way it works is it looks at top (the page you requested that includes an iframe) and self (the page inside the iframe). If they are different, then it changes the top.location to match the URL of the iframe.

Here is some ASCII to help understand this:

|----[OuterPage.html]------|
|                          |
|    |--[InnerPage.html]-| |
|    |                   | |
|    | top !== self      | |
|    |                   | |
|    |-------------------| |
|                          |
| top === self             |
|                          |
|--------------------------|

If you request InnerPage.html by itself (not in an iframe), then top === self will evaluate to true; however, if you request the same page inside an iframe, then the same condition will evaluate as false.
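
The check described in the answer above, modelled in plain JavaScript so it can run outside a browser (an added example, not part of the original post; `makeWindow`, `frameBuster`, `runCases` and the URLs are constructed for illustration). It shows that the snippet needs no custom URL, because `self.location.href` is whatever address the framed page was loaded from, and that `top` is the outermost window even when the page is nested two frames deep.

```javascript
// Minimal model of a browser window tree (constructed for illustration;
// a real browser supplies `top`, `self` and `location` itself).
function makeWindow(url, parent = null) {
  const win = { location: { href: url }, parent };
  win.self = win;                        // `self` is always the window itself
  win.top = parent ? parent.top : win;   // `top` is the outermost ancestor
  return win;
}

// The check from the question, parameterised on the window it runs in.
// Returns true when it redirected the outermost window.
function frameBuster(win) {
  if (win.top.location !== win.self.location) {
    // Point the outermost window at this page's own URL.
    win.top.location.href = win.self.location.href;
    return true;
  }
  return false;
}

// Case 1: the page is requested directly, so top === self.
const direct = makeWindow("https://site.example/InnerPage.html");

// Case 2: the page is loaded inside an iframe on another page.
const outer = makeWindow("https://other.example/OuterPage.html");
const framed = makeWindow("https://site.example/InnerPage.html", outer);

// Case 3: the page is nested two frames deep; `top` is still the root.
const root = makeWindow("https://other.example/Root.html");
const middle = makeWindow("https://other.example/Middle.html", root);
const deep = makeWindow("https://site.example/InnerPage.html", middle);

function runCases() {
  return {
    direct: frameBuster(direct),     // no redirect
    framed: frameBuster(framed),     // outer window redirected
    deep: frameBuster(deep),         // root window redirected
    outerHref: outer.location.href,
    rootHref: root.location.href,
  };
}

console.log(runCases());
```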