Connecting Tech Pros Worldwide Forums | Help | Site Map
bytes > topic > javascript > answers

Detect which IFrame is trying to change the top level document href/URL?

Robert Oschler
Guest
  
Posts: n/a
#1: Jul 20 '05
I have a comparison web page that has several iframes that contain documents
from external domain web sites. Some of the web sites are "trusted". If
they want to change the top level document location (document.location.href)
via Javascript or using "_TOP" as the target for a SUBMIT operation, etc.,
then I want to allow it. The other web sites I want to block if they try to
do that. I would do the blocking in the top level document onunload() event
handler.

Is there a way to know _which_ IFrame is trying to change the top level
document URL. I know I can't do anything to examine the contents of an
external domain sourced IFrame, due to browser security issues, but I was
hoping there might be something from an event handler standpointthat would
allow me tp grab the ID or NAME attribute of an IFrame, that triggers a top
level document location change. Note: I mean the ID or NAME attribute that
I assigned to the IFrame Node element that resides in _my_ document's, the
top level document, domain space.

Any ideas?

thx

--

Robert Oschler
"Let the web hear you, add your voice to your web site in minutes!"
-- http://audiodirect.spiderchase.com/
(For a limited time, free voiceover with every sign-up, use this link
instead)
-- http://audio.spiderchase.com/
(A song - are you blue?)
-- http://bluedreams.spiderchase.com/

Fred Basset
Guest
  
Posts: n/a
#2: Jul 20 '05

re: Detect which IFrame is trying to change the top level document href/URL?

I'm sorry that I can't be more helpful, but all I can be pretty certain
of is that you can't prevent the unloading of a page. Imagine the hassle
that annoying ad-pages could cause if they could prevent the unload of
the page whenever they wanted ... unfortunately you may need another
solution?

Fred Basset
fred.basset@whosyourdaddy.com

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
Robert Oschler
Guest
  
Posts: n/a
#3: Jul 20 '05

re: Detect which IFrame is trying to change the top level document href/URL?

"Fred Basset" <fred.basset@whosyourdaddy.com> wrote in message
news:3f4b167a$1$62079$75868355@news.frii.net...[color=blue]
> I'm sorry that I can't be more helpful, but all I can be pretty certain
> of is that you can't prevent the unloading of a page. Imagine the hassle
> that annoying ad-pages could cause if they could prevent the unload of
> the page whenever they wanted ... unfortunately you may need another
> solution?
>
> Fred Basset
> fred.basset@whosyourdaddy.com
>
> *** Sent via Developersdex http://www.developersdex.com ***
> Don't just participate in USENET...get rewarded for it![/color]

Fred,

Perhaps I misunderstand you but I've been very successful preventing the
unload of a page with:

// Between head tags.
<SCRIPT>
var gCurrentURL = document.location.href;
</SCRIPT>

// Function called by BODY onunload() event.
function onBodyUnload()
{
// This prevents the URL change by resetting the document
// document.location.href property to the current URL.
// This is where I would put the logic, if I knew how, to prevent the
URL
// change if an "untrusted" IFrame tried to change the top level URL.
document.location.href = gCurrentURL;
}

thx
--

Robert Oschler
"Let the web hear you, add your voice to your web site in minutes!"
-- http://audiodirect.spiderchase.com/
(For a limited time, free voiceover with every sign-up, use this link
instead)
-- http://audio.spiderchase.com/
(A song - are you blue?)
-- http://bluedreams.spiderchase.com/
Fred Basset
Guest
  
Posts: n/a
#4: Jul 20 '05

re: Detect which IFrame is trying to change the top level document href/URL?

My apologies!! I'm not having a good morning today obviously.

Just tried your code, and it works exactly as you say. I could've sworn
I've tried to do exactly that same thing previously and not been able to
... I'll just go tuck into my humble pie :)

Fred Basset
fred.basset@whosyourdaddy.com

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
Csaba2000
Guest
  
Posts: n/a
#5: Jul 20 '05

re: Detect which IFrame is trying to change the top level document href/URL?

Some thoughts (none tested):

In your code below, doesn't it do a refresh the way
that you have it? If so, couldn't you rather cancel the
event to avoid the refresh?

Also, since you are setting document.location.href to
something, my thought is what is that value that is
then in there? Is it already the hopeful new document's
href? If so, and if the number of trusted sites is
"reasonably finite" (after all, to trust a site you should
know it, right?) then you could cancel the event or
use your technique if the purported destination is
one of the trusted domains

Lotta ifs...

Good luck,
Csaba Gabor

"Robert Oschler" <no_replies@fake_email_address.invalid> wrote in message
news:ltG2b.18548$2Y6.5657574@news2.news.adelphia.n et...[color=blue]
> "Fred Basset" <fred.basset@whosyourdaddy.com> wrote in message
> news:3f4b167a$1$62079$75868355@news.frii.net...[color=green]
> > I'm sorry that I can't be more helpful, but all I can be pretty certain
> > of is that you can't prevent the unloading of a page. Imagine the hassle
> > that annoying ad-pages could cause if they could prevent the unload of
> > the page whenever they wanted ... unfortunately you may need another
> > solution?
> >
> > Fred Basset
> > fred.basset@whosyourdaddy.com
> >
> > *** Sent via Developersdex http://www.developersdex.com ***
> > Don't just participate in USENET...get rewarded for it![/color]
>
> Fred,
>
> Perhaps I misunderstand you but I've been very successful preventing the
> unload of a page with:
>
> // Between head tags.
> <SCRIPT>
> var gCurrentURL = document.location.href;
> </SCRIPT>
>
> // Function called by BODY onunload() event.
> function onBodyUnload()
> {
> // This prevents the URL change by resetting the document
> // document.location.href property to the current URL.
> // This is where I would put the logic, if I knew how, to prevent the
> URL
> // change if an "untrusted" IFrame tried to change the top level URL.
> document.location.href = gCurrentURL;
> }
>
> thx
> --
>
> Robert Oschler
> "Let the web hear you, add your voice to your web site in minutes!"
> -- http://audiodirect.spiderchase.com/
> (For a limited time, free voiceover with every sign-up, use this link
> instead)
> -- http://audio.spiderchase.com/
> (A song - are you blue?)
> -- http://bluedreams.spiderchase.com/
>
>[/color]
Closed Thread

« previous question | next question »

Similar JavaScript / Ajax / DHTML bytes

/bytes/development

/bytes/it

Forums
Visit our community forums for general discussions and latest on Bytes

Our staff and community areas have moved to bytes.com/forums/

/bytes/about

We are a network of experts and professionals in IT and software development that help one another with answers to tough questions and share insights. Get the best answers to your questions from over 226,449 network members.

dev questions:
algorithms | asp | asp.net | c/c++ | coldfusion | c# | flash | html/css | java | javascript |
mobile dev | .net | perl | php | python | ruby | software dev | vb.net | visual basic | xml
it questions:
access | apache | careers | db2 | iis | macosx | mysql | networking | oracle | postgresql | sql server | unix | windows

About Bytes | Copyright 1995-2009 BYTES. All rights Reserved