How to stop my website being framed by others?

2019-01-26 01:29发布

How can I stop my website from loading in a frame?

As can be seen here: http://yehg.net/lab/pr0js/pentest/cross_site_framing.php

Google.com won't load, msn.com will break out of the frame. AOL.com will load fine. How do I make my website either break out of the frame or load in the whole window?

标签： javascript iframe xss

3条回答

【Aperson】

2楼-- · 2019-01-26 02:07

Break out of frame script can be done if you compare the url of top frame to the current frame url:

if(window.top.location.href != window.href)
{
  window.top.location = window.href;
}

0人赞添加讨论(0) 举报

对你真心纯属浪费

3楼-- · 2019-01-26 02:17

These might point you in the right direction... Or google 'break out of iframe'?

Frame Buster Buster ... buster code needed

Detect iFrame embedding in Javascript

How to identify if a webpage is being loaded inside an iframe or directly into the browser window?

0人赞添加讨论(0) 举报

聊天终结者

4楼-- · 2019-01-26 02:26

This little script snippet should work:

<script>
if (window !== top) top.location = window.location;
</script>

Also, you can prevent your pages from being loaded in an iframe by specifying a X-Frame-Options: DENY header. See https://developer.mozilla.org/en-US/docs/The_X-FRAME-OPTIONS_response_header for details.

0人赞添加讨论(0) 举报

How to stop my website being framed by others?

采纳回答

编辑标签

举报内容

检举类型

检举原因

检举说明(必填)

打开微信“扫一扫”，打开网页后点击屏幕右上角分享按钮

付费偷看金额在0.1-10元之间