By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
444,078 Members | 1,846 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 444,078 IT Pros & Developers. It's quick & easy.

Trapping a page in a frame?

P: n/a
Using javascript, is there a way to trap an external page inside a frame?
I've seen scripts to break out of frames, but nothing to keep a page trapped
in a frame.
Oct 21 '06 #1
Share this Question
Share on Google+
42 Replies


P: n/a
smerf wrote on 21 okt 2006 in comp.lang.javascript:
Using javascript, is there a way to trap an external page inside a
frame? I've seen scripts to break out of frames, but nothing to keep a
page trapped in a frame.
Never looked at MS specs on the web doing that?

<http://msdn.microsoft.com/workshop/a...jects/obj_loca
tion.asp>

=====================

possibly:

if (top.location.href == location.href) {
top.location.href =
'http://myDomain.xxx/framespage.html?frame2='+location.href

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
Oct 21 '06 #2

P: n/a
ASM
smerf a écrit :
Using javascript, is there a way to trap an external page inside a frame?
I've seen scripts to break out of frames, but nothing to keep a page trapped
in a frame.

it is exacktely same method (or quite)

if(self == top) location='http://mySever/mySite/index';
Or to go back in right place try something like :

if(self == top || (parent.frames && !parent.myFrameToMe)) {
var url = self.location;
setTimeout(function() { parent.myFrameToMe.location=url; },1000);
location = 'http://mySever/mySite/index';
}

and of course you have a frame named 'myFrameToMe' on your main page.

(not tested)
other way (in french) :
http://stephane.moriaux.perso.orange...e_en_frame.htm

--
ASM
Oct 21 '06 #3

P: n/a
Will this work for trapping someone else's frames?

Basically I want to make a site like www.torrentscan.com (beware of the
irritating popup) but for educational links. Some of the sites that may be
added will try and break out of the main content frame.

As I understand it, most pages that try and break out of frames do so to
keep others from claiming content as their own (stealing content). Hpwever,
since I am not claiming their content as my own, nor am I altering their
content in any way, I want to be able to force them to stay in a frame next
to my searchbox/sidebar like on www.torrentscan.com (again, beware of the
irritating popup).

There is one other issue that they may have with my links page. If a user
wanted to bookmark their page, doing so from my framed page would not allow
that direct link. I'd like to add an "Add to favorites" button above each
of their pages to allow users to add the framed pages directly to thier
bookmarks/favorites.

Is this a pretty easy thing to do? Should I do it with yet another frame -
just right above the main content frame? And, can javascript read and
manipulate pages in other frames (to get the URL and description) even
though the other frames contain content from other domains?

Thanks soooooo much for your help. I'm new to javascript and trying to
learn all that I can. In fact, any out of the way (i.e. no in the top 50 on
Google) links to good Javascript code/hacks/tutorials would also be
appreciated.

May your camel know the location of every oasis.

"ASM" <st*********************@wanadoo.fr.invalidwrote in message
news:45***********************@news.orange.fr...
smerf a écrit :
>Using javascript, is there a way to trap an external page inside a frame?
I've seen scripts to break out of frames, but nothing to keep a page
trapped in a frame.


it is exacktely same method (or quite)

if(self == top) location='http://mySever/mySite/index';
Or to go back in right place try something like :

if(self == top || (parent.frames && !parent.myFrameToMe)) {
var url = self.location;
setTimeout(function() { parent.myFrameToMe.location=url; },1000);
location = 'http://mySever/mySite/index';
}

and of course you have a frame named 'myFrameToMe' on your main page.

(not tested)
other way (in french) :
http://stephane.moriaux.perso.orange...e_en_frame.htm

--
ASM

Oct 21 '06 #4

P: n/a
ASM
smerf a écrit :
Will this work for trapping someone else's frames?

Basically I want to make a site like www.torrentscan.com (beware of the
irritating popup) but for educational links. Some of the sites that may be
added will try and break out of the main content frame.
Ha OK, you don't want to see your own pages to do so.
But want these from other sites stop to do it and stay in your frames.

It is very incorrect to show a page from an other site in the window of
your own site.
Hpwever, since I am not claiming their content as my own,
However they *seem to* belong to your site.
Is there a real difference between to copy a page or to capture it ?
Both can be interpreted as stolen.
nor am I altering their content in any way,
Contrefaçon, copy, clone, captured --all the same : they aren't yours.
I want to be able to force them to stay in a frame next
to my searchbox/sidebar like on www.torrentscan.com (again, beware of the
irritating popup).
I saw no popup (anti-popup in FireFox)
I think all what you see here are pages from torrent (and his associated
sites, probably from same domain) distributed via a google engine.

You probably can find at Google a what engine for free to insert in your
site (for your own pages).
http://www.google.fr/intl/en/searchcode.html

I think to force pages having a javascript to go away from frames to
stay in your frame is not possible.
There is one other issue that they may have with my links page. If a user
wanted to bookmark their page, doing so from my framed page would not allow
that direct link.
Yes it's one of the problems.
I'd like to add an "Add to favorites" button above each
of their pages to allow users to add the framed pages directly to thier
bookmarks/favorites.
That doesn't work if visitor's browser is not IE ...
In your viewer frame you put an onload to call function to add this
button (call will be launched on each new page there displayed).

Code to put in your page of frames :

<script type="text/javascript">
function addFav() {
var b = document.createElement('button');
b.onclick = function() {
window.external.AddFavorite(window.location,docume nt.title); }
var t = document.createTextNode('Add this page to favorites');
b.appendChild(t);
document.body.appendChild(b);
}
</script>
<frame name="viewer" onload="addFav();" ...
Is this a pretty easy thing to do? Should I do it with yet another frame -
just right above the main content frame? And, can javascript read and
manipulate pages in other frames (to get the URL and description) even
though the other frames contain content from other domains?
To get url is not a problem (you have already got it to call the page).
Probably not allowed to get its content (but try it).

So have your button in menu/search frame

<button onclick="var url = parent.viewer.location;
var title = parent.viewer.document.title;
window.external.AddFavorite(url,title);">add to favorites</button>

if 'viewer' above is the name of the frame where are displayed other pages.

And I'm not sure of function about add favorite (I haven't IE Windows).

--
ASM
Oct 21 '06 #5

P: n/a
Thanks so much for your help.

It is not my intention that anyone think that I designed these sites or that
they are somehow a creation of mine. (I mean, what if they screw up their
site? I don't want people thinking I code that bad, right?)

I will make sure that my page plainly indicates that the sites linked to are
not mine and are the creation/responsibility of the respsective website
owners.

I have enough trouble keeping my own content straight.

Thanks again!

"ASM" <st*********************@wanadoo.fr.invalidwrote in message
news:45**********************@news.orange.fr...
smerf a écrit :
>Will this work for trapping someone else's frames?

Basically I want to make a site like www.torrentscan.com (beware of the
irritating popup) but for educational links. Some of the sites that may
be added will try and break out of the main content frame.

Ha OK, you don't want to see your own pages to do so.
But want these from other sites stop to do it and stay in your frames.

It is very incorrect to show a page from an other site in the window of
your own site.
>Hpwever, since I am not claiming their content as my own,

However they *seem to* belong to your site.
Is there a real difference between to copy a page or to capture it ?
Both can be interpreted as stolen.
>nor am I altering their content in any way,

Contrefaçon, copy, clone, captured --all the same : they aren't yours.
>I want to be able to force them to stay in a frame next to my
searchbox/sidebar like on www.torrentscan.com (again, beware of the
irritating popup).

I saw no popup (anti-popup in FireFox)
I think all what you see here are pages from torrent (and his associated
sites, probably from same domain) distributed via a google engine.

You probably can find at Google a what engine for free to insert in your
site (for your own pages).
http://www.google.fr/intl/en/searchcode.html

I think to force pages having a javascript to go away from frames to stay
in your frame is not possible.
>There is one other issue that they may have with my links page. If a
user wanted to bookmark their page, doing so from my framed page would
not allow that direct link.

Yes it's one of the problems.
>I'd like to add an "Add to favorites" button above each of their pages to
allow users to add the framed pages directly to thier
bookmarks/favorites.

That doesn't work if visitor's browser is not IE ...
In your viewer frame you put an onload to call function to add this button
(call will be launched on each new page there displayed).

Code to put in your page of frames :

<script type="text/javascript">
function addFav() {
var b = document.createElement('button');
b.onclick = function() {
window.external.AddFavorite(window.location,docume nt.title); }
var t = document.createTextNode('Add this page to favorites');
b.appendChild(t);
document.body.appendChild(b);
}
</script>
<frame name="viewer" onload="addFav();" ...
>Is this a pretty easy thing to do? Should I do it with yet another
frame - just right above the main content frame? And, can javascript
read and manipulate pages in other frames (to get the URL and
description) even though the other frames contain content from other
domains?

To get url is not a problem (you have already got it to call the page).
Probably not allowed to get its content (but try it).

So have your button in menu/search frame

<button onclick="var url = parent.viewer.location;
var title = parent.viewer.document.title;
window.external.AddFavorite(url,title);">add to favorites</button>

if 'viewer' above is the name of the frame where are displayed other
pages.

And I'm not sure of function about add favorite (I haven't IE Windows).

--
ASM

Oct 21 '06 #6

P: n/a
smerf wrote on 22 okt 2006 in comp.lang.javascript:
It is not my intention that anyone think that I designed these sites
or that they are somehow a creation of mine. (I mean, what if they
screw up their site? I don't want people thinking I code that bad,
right?)

I will make sure that my page plainly indicates that the sites linked
to are not mine and are the creation/responsibility of the respsective
website owners.

I have enough trouble keeping my own content straight.
[Please do not toppost on usenet]

Come on.

Why should one infer that your intentions are good,
[because you would not want to be associated with bad code]
if your Q is bad?

You should not use domain-external pages in your frames,
if you are not the owner of both or have permission of the owner,
even if you indicate that.

Use a link.

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
Oct 22 '06 #7

P: n/a

"Evertjan." <ex**************@interxnl.netwrote in message
news:Xn********************@194.109.133.242...
smerf wrote on 22 okt 2006 in comp.lang.javascript:
>It is not my intention that anyone think that I designed these sites
or that they are somehow a creation of mine. (I mean, what if they
screw up their site? I don't want people thinking I code that bad,
right?)

I will make sure that my page plainly indicates that the sites linked
to are not mine and are the creation/responsibility of the respsective
website owners.

I have enough trouble keeping my own content straight.

[Please do not toppost on usenet]
The no top posting "rule" is BS. Why would you want toscroll through many
lines of old msgs just to get to the latest reply. If you want to catch up
on the thread, read all of the posts - or scroll down and start at the
bottom.

I wouldn't want to do that, and I won't make others do it either.

Please do not assume the postion of Usenet cop. It's irritating and it does
no good.
>
Come on.

Why should one infer that your intentions are good,
[because you would not want to be associated with bad code]
if your Q is bad?
You don't have to infer anything. I have stated my purpose. I don't need
to defend it.
>
You should not use domain-external pages in your frames,
if you are not the owner of both or have permission of the owner,
even if you indicate that.
I humbly disagree.
>
Use a link.
Not an option.

But, thanks for your opinion though.

Oct 22 '06 #8

P: n/a
ASM
smerf a écrit :
"Evertjan." <ex**************@interxnl.netwrote in message
news:Xn********************@194.109.133.242...
>smerf wrote on 22 okt 2006 in comp.lang.javascript:
[Please do not toppost on usenet]

The no top posting "rule" is BS. Why would you want toscroll through many
lines of old msgs just to get to the latest reply.
- Feel fine, thanks.
- Hello! How are you?

Is it a natural way to present ?
If you want to catch up
on the thread, read all of the posts
It is not quetion to do so.
You have only to report part of precedent text you answer, then to answer.
>You should not use domain-external pages in your frames,
if you are not the owner of both or have permission of the owner,
even if you indicate that.

I humbly disagree.
However it is what I did tell to you.
Exactly same as to insert in a book pages from an other author :
legally you can't do it without his permission.
--
ASM
Oct 22 '06 #9

P: n/a
Technically speaking, you can't scan an author's website and post the
results in a search engine without the author's permission either - but who
is suing Google?

"ASM" <st*********************@wanadoo.fr.invalidwrote in message
news:45***********************@news.orange.fr...
smerf a écrit :
>"Evertjan." <ex**************@interxnl.netwrote in message
news:Xn********************@194.109.133.242...
>>smerf wrote on 22 okt 2006 in comp.lang.javascript:
[Please do not toppost on usenet]

The no top posting "rule" is BS. Why would you want toscroll through
many lines of old msgs just to get to the latest reply.

- Feel fine, thanks.
- Hello! How are you?

Is it a natural way to present ?
> If you want to catch up on the thread, read all of the posts

It is not quetion to do so.
You have only to report part of precedent text you answer, then to answer.
>>You should not use domain-external pages in your frames,
if you are not the owner of both or have permission of the owner,
even if you indicate that.

I humbly disagree.

However it is what I did tell to you.
Exactly same as to insert in a book pages from an other author :
legally you can't do it without his permission.
--
ASM

Oct 22 '06 #10

P: n/a
smerf said the following on 10/22/2006 5:55 AM:
"Evertjan." <ex**************@interxnl.netwrote in message
news:Xn********************@194.109.133.242...
>[Please do not toppost on usenet]

The no top posting "rule" is BS.
Top-posting is for idiots, take your pick.
Why would you want toscroll through many lines of old msgs
just to get to the latest reply.
It is called trimming and interleaving.

Answer:It destroys the order of the conversation
Question: Why?
Answer: Top-Posting.
Question: Whats the most annoying thing on Usenet?
If you want to catch up on the thread, read all of the posts - or
scroll down and start at the bottom.
Now there is an ingenious idea. If someone wants to know what the
discussion with regards to top-posting is about you are suggesting they
read an entire thread that was started to find out how to steal content
from another site and force it into an IFrame? (BTW, I can tell you how
to do what you want to do).
I wouldn't want to do that, and I won't make others do it either.
Nobody asked you to, they only asked you to use common sense and follow
the practice of others.
Please do not assume the postion of Usenet cop. It's irritating and it does
no good.
Nobody has, but as long as you desire to be confrontational, you won't
get an answer to your question. And the solution is quite simple.

--
Randy
Chance Favors The Prepared Mind
comp.lang.javascript FAQ - http://jibbering.com/faq & newsgroup weekly
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
Oct 22 '06 #11

P: n/a
ASM
smerf a écrit :
Technically speaking, you can't scan an author's website and post the
results in a search engine without the author's permission either - but who
is suing Google?
Google doesn't open foreign pages in its frames, no ?

It does as told besides : a link to the foreign page.

This last method is not in contradiction with copyrights, something like
to talk about a book and to give it's title and/or its author.

--
ASM
Oct 23 '06 #12

P: n/a
ASM
Randy Webb a écrit :
>
how to steal content
from another site and force it into an IFrame? (BTW, I can tell you how
to do what you want to do). And the solution is quite simple.
I am interested.

(Because I don't see. Too much simple ?)

--
ASM
Oct 23 '06 #13

P: n/a
I don't mean to be confrontational, I had been up for 37 hours working on
this problem and was not at my best.

My apologies to Evertjan.

If top-posting is so bad, why does Outlook Express default to it? Most of
the posts that I read are top posted. If its so bad, why are most posters
that I see doing it?

I guess that I assumed that most people were like me. I don't start in the
middle of a thread. If I am interested in the thread, I read ALL of the
posts, in order. You can't expect to get the whole story otherwise, as
people leave off portions of the conversation as they reply.

When I open a message here, I already am (mentally) at the end of the last
message that I read in the thread. I am ready for a response.....not a
recap.

It simply seems to me that the only people that would have a problem with
top posting are those who (a) can't remember the last time they read
anything in the thread or (b) have a hard time following the evolution of a
topic. They probably would not be able to play chess via snail mail (which
is actually quite a unique experience).

What if people had to replay the whole conversation each time another person
in the conversation responded? That's what the alternative to top-posting
seems like to me.

I post this way to save time.....at least it does for me and I assumed it
did so for everyone else.

Have I assumed too much of humanity yet again - to be able to follow a
conversation without continually re-hashing it over and over again?

Then, there is the fact that the only time I really use USENET over web
resources is as a last resort. When I come here, I have exhausted all other
means of finding the answers which I seek. And, to be honest, it isn't that
often.

In the spirit of USENET, while I am here seeking answers, I visit other
newsgroups (29 not including this one) and answer as many questions as I
can...to give back.

So, is it worth changing USENET clients and fussing over semantics or should
we simply do our best to help anyone in need without succumbing to the
temptation of being judgmental?

I say help each person where they are. I do. Why place requirements on the
conditions in which you will help someone in need? That's just cruel.

And, if I were to change USENET tools, which would I use. All of the ones I
have seen have atrocious interfaces. As a developer/tester of UIs, they
literally make me ill.

As for the original problem, the only solution I can find involves using a
server to harvest the content that is to be displayed and return it to the
browser for display. Unfortunately this is not an option, as the bandwidth
required for such a site would not allow a free and ad-free site as is
desired.

If you do have any suggestions, either for a USENET client shows UI doesn't
suck or on a way to load frame busting pages in IE, Firefox, Opera and
Safari web browser I'd love to hear about them.

And, yes, I know about the IE trick of restricting scripts in iframes, but
that is not cross platform and this solution must work with Safari, Opera,
IE, Firefox and Netscape to reach all of those that wish to use it.

Thanks for your post.

"Randy Webb" <Hi************@aol.comwrote in message
news:HZ********************@telcove.net...
smerf said the following on 10/22/2006 5:55 AM:
>"Evertjan." <ex**************@interxnl.netwrote in message
news:Xn********************@194.109.133.242...
>>[Please do not toppost on usenet]

The no top posting "rule" is BS.

Top-posting is for idiots, take your pick.
>Why would you want toscroll through many lines of old msgs just to get to
the latest reply.

It is called trimming and interleaving.

Answer:It destroys the order of the conversation
Question: Why?
Answer: Top-Posting.
Question: Whats the most annoying thing on Usenet?
>If you want to catch up on the thread, read all of the posts - or scroll
down and start at the bottom.

Now there is an ingenious idea. If someone wants to know what the
discussion with regards to top-posting is about you are suggesting they
read an entire thread that was started to find out how to steal content
from another site and force it into an IFrame? (BTW, I can tell you how to
do what you want to do).
>I wouldn't want to do that, and I won't make others do it either.

Nobody asked you to, they only asked you to use common sense and follow
the practice of others.
>Please do not assume the postion of Usenet cop. It's irritating and it
does no good.

Nobody has, but as long as you desire to be confrontational, you won't get
an answer to your question. And the solution is quite simple.

--
Randy
Chance Favors The Prepared Mind
comp.lang.javascript FAQ - http://jibbering.com/faq & newsgroup weekly
Javascript Best Practices -
http://www.JavascriptToolbox.com/bestpractices/

Oct 23 '06 #14

P: n/a
For those interested, this same topic is being discussed by me at
http://www.codingforums.com/forumdisplay.php?f=2 .

"smerf" <sm***@shroom.comwrote in message
news:_p*****************@bignews6.bellsouth.net...
Using javascript, is there a way to trap an external page inside a frame?
I've seen scripts to break out of frames, but nothing to keep a page
trapped in a frame.

Oct 23 '06 #15

P: n/a
Another point of view (which I just happen to agree with...)
http://avc.blogs.com/a_vc/2005/11/the_future_of_m.html
"smerf" <sm***@shroom.comwrote in message
news:_p*****************@bignews6.bellsouth.net...
Using javascript, is there a way to trap an external page inside a frame?
I've seen scripts to break out of frames, but nothing to keep a page
trapped in a frame.

Oct 23 '06 #16

P: n/a
smerf said the following on 10/22/2006 10:42 PM:
For those interested, this same topic is being discussed by me at
http://www.codingforums.com/forumdisplay.php?f=2 .
Too bad you are as wrong there as you are here.

--
Randy
Chance Favors The Prepared Mind
comp.lang.javascript FAQ - http://jibbering.com/faq & newsgroup weekly
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
Oct 23 '06 #17

P: n/a
ASM said the following on 10/22/2006 8:47 PM:
Randy Webb a écrit :
>>
how to steal content from another site and force it into an IFrame?
(BTW, I can tell you how to do what you want to do). And the solution
is quite simple.

I am interested.

(Because I don't see. Too much simple ?)
Its trivial. All it takes is to think about it calmly and figure out how
it works and how to defeat it. Think simple, don't over complicate it.

--
Randy
Chance Favors The Prepared Mind
comp.lang.javascript FAQ - http://jibbering.com/faq & newsgroup weekly
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
Oct 23 '06 #18

P: n/a
Now, how does that help?

I am always willing to learn from my errors when they are pointed out. Feel
free to correct anything that I have said here or in the forums.

If not for my edification, at least for the others that may have read my
posts.

You have my undivided attention. Fire when ready.
"Randy Webb" <Hi************@aol.comwrote in message
news:Pq********************@telcove.net...
smerf said the following on 10/22/2006 10:42 PM:
>For those interested, this same topic is being discussed by me at
http://www.codingforums.com/forumdisplay.php?f=2 .

Too bad you are as wrong there as you are here.

--
Randy
Chance Favors The Prepared Mind
comp.lang.javascript FAQ - http://jibbering.com/faq & newsgroup weekly
Javascript Best Practices -
http://www.JavascriptToolbox.com/bestpractices/

Oct 23 '06 #19

P: n/a
smerf said the following on 10/23/2006 1:13 AM:
Now, how does that help?

I am always willing to learn from my errors when they are pointed out.
Obviously not as you continue to top-post when asked repeatedly not to.
Feel free to correct anything that I have said here or in the forums.
If not for my edification, at least for the others that may have read my
posts.
First, adding any script to check for the parents URL would fail in a
secondary sites pages (it would throw a security error) as it is a
security violation (for the very same reason you can't change the code
in there pages).

Second, if a site doesn't want to be framed (or IFramed) then you have
to accept that. If you don't want to include a link, then don't. How do
you propose to deal with people like me that have IE7 set to open new
links in a new tab? Are you going to try to over ride that choice also?
If the site you are making is free, then make it, enjoy it, and let
other sites work the way they work.

--
Randy
Chance Favors The Prepared Mind
comp.lang.javascript FAQ - http://jibbering.com/faq & newsgroup weekly
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
Oct 23 '06 #20

P: n/a
On Mon, 23 Oct 2006 01:24:46 -0400, Randy Webb <Hi************@aol.com>
wrote:
smerf said the following on 10/23/2006 1:13 AM:
>Now, how does that help?
I am always willing to learn from my errors when they are pointed out.

Obviously not as you continue to top-post when asked repeatedly not to.
>Feel free to correct anything that I have said here or in the forums.
If not for my edification, at least for the others that may have read
my posts.

First, adding any script to check for the parents URL would fail in a
secondary sites pages (it would throw a security error) as it is a
security violation (for the very same reason you can't change the code
in there pages).
Right. I was just tossing out ideas while I read up on Javascript.
Therefore, they could not allow only my (or any other) webite to frame
them while excluding others. This would simply not work.
>
Second, if a site doesn't want to be framed (or IFramed) then you have
to accept that. If you don't want to include a link, then don't.
If you had read my postings on the forums I pointed you to, you'd see that
is exactly what I am going to do.

The matter (for me) became one of (a) can frame busting pages be included
against thier will (the answer is yes) and (b) why would somebody elect to
use a form of content protection that not only is ineffective, but limits
the audience that may view the page (I still don't know the answer to that
one).
How do you propose to deal with people like me that have IE7 set to open
new links in a new tab?
As you probably know, navigational links (like those on the left hand side
of www.torrentscan.com) are set to open their pages in a content frame to
the right of the list of search links. IE7 does not change this
behavior. Try it out.

(As a side point, IE7's handling of tabs is irritating to me, to say the
least. I can't, for the life of me, find a setting to cause new web
addresses typed into the address bar to open in a new tab. So, I'm still
using Firefox as a primary browser.)
Are you going to try to over ride that choice also?
If you are using my site, you understand what it does and how it does it.
If you didn't want to use a site like mine, you wouldn't be there. And,
if you can;t understand how a site like www.torrentscan.com works...well,
there's not a whole lot I can help you with.

If the site you are making is free, then make it, enjoy it, and let
other sites work the way they work.
I will. It will work fine for sites that don't fool themselves into a
false sense of security by using frame busting code. For those that do,
it will inform the user why it won't work with a particular site and offer
alternative sites to the user. (But you already knew all of that from
reading my posts on the forums -right? So, why ask the question?)

Besides, you are the one tauting some magically simple knowledge of how to
trap frame busting pages in a frame. I think you are full of hot air.
Proof of that will be your refusal to reveal your supposedly simple
method. Of course your excuse will be to save the world from me, but we
both know that's not true.

If you really had the web's best interest at heart, you would expose this
flaw so that Javascript interpreters could be fixed to prevent it.

The way I found to do it is to pass the request for a web page to a web
service that extracts the core (minus head and body tags) of the page,
tweaks the links to relative URLs, eliminate any obvious attempts at
defeating the content capture by removing offending code and returning the
tweaked page code to be included in a DIV tag on the original page. Not
all that difficult really.

There's really NOTHING that can stop this type of content hijacking. But,
who'd want to go to that extreme? Certainly not me. If they want fewer
viewers, who am I to force higher ratings on them?

I actually don't give a tinker's damn to include pages that use frame
busting code. The only reason I looked into it to begin with is that I
wanted my users to be able to view any site they wanted from the search
page. It's called customer service - something most frame buster admins
have a poor grasp of anyway.
--
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/

How's this for botom-posting, Randy?

But, you know, it's the damndest thing...I downloaded Opera 9.02 (their
newest) to try its newsreader and geuss what? It defaults the cursor to
the top of the post for replies - just like EVERY other newsreader. That
begs the question - since top-posting is evidentally immoral - just why
are all of these newsreaders conspiring to place the cursors at the top of
the posts when you click on reply?

Wouldn't it make more sense (if top posting is such a horrible sin) that
modern newsreaders like Opera 9.02 would place the cursor at the bottom of
the post to begin with? Maybe you should let them know of this horrible
sin that they are helping to perpetuate. They have a newsgroup called
opera.general if you have a minute to let them in on this problem.

Thanks again for your input.
Oct 23 '06 #21

P: n/a
smerf wrote on 23 okt 2006 in comp.lang.javascript:
If top-posting is so bad, why does Outlook Express default to it?
Most of the posts that I read are top posted. If its so bad,
Outlook is an email client impersonating a news reader.

I wouldn't know how well it does that from own experience,
since for email I am a pegasus mail user since 1995.

However, if it acts like you say, it does a poor job.

I heard rumors outlook's above behavour can be set to to bottomposting,
but that does not improve a thing, since the way to go is sparce
interposting, where you only quote what is necessaty for your answer [to
be understandable for the group], placed immediately under each
question/subject.

This would not always do for email, where you answer only to one.
However on usenet you post to the group, whose members are by netiquette
not required to remember all previous postings, or even, by the quirks of
non centralized news servers, could not even have received the previous
posting [yet].

Why not use a dedicated newsreader instead?
why are most posters that I see doing it?
I do not think relative newcomers like outlook and googlegroups should in
their workings be taken as a standard for usenet that exists from 1979.

[Usenet was conceived by Duke University graduate students Tom Truscott
and Jim Ellis in 1979. Publicly available ww-web service on the Internet
started in 1991.]

That outlook and googlegroups influence a bunch of newcomers, is obvious,
but that should not be confused with good practice.
.. most posters that I see ..
You seem to have a different "point of view".

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
Oct 23 '06 #22

P: n/a
smerf wrote on 23 okt 2006 in comp.lang.javascript:
--
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/

How's this for botom-posting, Randy?
Posting under the "--" that is defined [on its own line] as "everything
below this is signature" will only be read by pure chance in dedicated
news readers.

However, as you showed, you where not bottomposting but interposting.

Wel done that.

A signature would be welcome, so that we could address you by name.

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
Oct 23 '06 #23

P: n/a

"Evertjan." <ex**************@interxnl.netwrote in message
news:Xn********************@194.109.133.242...
smerf wrote on 23 okt 2006 in comp.lang.javascript:
>If top-posting is so bad, why does Outlook Express default to it?
Most of the posts that I read are top posted. If its so bad,

Outlook is an email client impersonating a news reader.
Microsoft certainly hasn't spent any real time upgrading it. Anyway, it
would compete with their Live Q and A site - which I hate.

Now you have Yahoo and Microsoft and others actaully splitting up the
collective IQ by each one creating it's own version of USENET in the name of
profits. Aren't they nice?
>
I wouldn't know how well it does that from own experience,
since for email I am a pegasus mail user since 1995.

However, if it acts like you say, it does a poor job.
Opera 9.02 (a brand new browser/email/newsreader and more) also has this as
the default behavior. It's brand new and is constantly updated.
>
I heard rumors outlook's above behavour can be set to to bottomposting,
but that does not improve a thing, since the way to go is sparce
interposting, where you only quote what is necessaty for your answer [to
be understandable for the group], placed immediately under each
question/subject.

This would not always do for email, where you answer only to one.
However on usenet you post to the group, whose members are by netiquette
not required to remember all previous postings, or even, by the quirks of
non centralized news servers, could not even have received the previous
posting [yet].
That's why we ask questions before posting (or why we should ask questions
if the thread is not clear to us)....to make sure we understand the problem
and do not confuse the thread.
>
Why not use a dedicated newsreader instead?
Using USENET is not a daily thing for me. I don't see the need for a full
fledged app for something that I do so inconsistently.
>
>why are most posters that I see doing it?

I do not think relative newcomers like outlook and googlegroups should in
their workings be taken as a standard for usenet that exists from 1979.

[Usenet was conceived by Duke University graduate students Tom Truscott
and Jim Ellis in 1979. Publicly available ww-web service on the Internet
started in 1991.]

That outlook and googlegroups influence a bunch of newcomers, is obvious,
but that should not be confused with good practice.
I agree. But things change...and USENET posting is changing because it is
not natural or intuitive to the non-geek crowd that is the majority of
USENET's users.
>
>.. most posters that I see ..

You seem to have a different "point of view".
That seems to be the norm with me as of late. I tend to lean more towards
what is intuitive and easy for end users...not just because of some arcane
RFCs that (you must admit) fail miserably at keeping up with the changes in
USENET or the internet as a whole.

Thanks for your point of view.
Oct 23 '06 #24

P: n/a
"Evertjan." <ex**************@interxnl.netwrote in message
news:Xn********************@194.109.133.242...
smerf wrote on 23 okt 2006 in comp.lang.javascript:
>--
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/

How's this for botom-posting, Randy?

Posting under the "--" that is defined [on its own line] as "everything
below this is signature" will only be read by pure chance in dedicated
news readers.
You probably won't see that again.... :)
>
However, as you showed, you where not bottomposting but interposting.

Wel done that.
Gee.....thanks!
>
A signature would be welcome, so that we could address you by name.
See bottom....but don;t get too comfortable with it. I do network
administration for small businesses and may be posting from any PC - not
very practical to install a dedicated newsreader on all those PCs.
>
--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
--
Smerf
"Why is there no mouse flavored cat food?"
Oct 23 '06 #25

P: n/a
smerf wrote on 23 okt 2006 in comp.lang.javascript:
"Why is there no mouse flavored cat food?"
The danger of any question is the inner presumption.

There is lots of mouse flavored cat food.

It is called "mice".

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
Oct 23 '06 #26

P: n/a
ASM
smerf a écrit :
>
--Using Opera's revolutionary e-mail client: http://www.opera.com/mail/

How's this for botom-posting, Randy?

But, you know, it's the damndest thing...I downloaded Opera 9.02 (their
newest) to try its newsreader and geuss what? It defaults the cursor to
the top of the post for replies - just like EVERY other newsreader.
Not at all : "e-mail clients" and not "news-reader", don't confuse.
If you use a real news-reader, by default it will not work as you say
and cursor will be set to bottom.
That begs the question - since top-posting is evidentally immoral - just
why are all of these newsreaders conspiring to place the cursors at the
top of the posts when you click on reply?
Because they are *not* news readers ?
Wouldn't it make more sense (if top posting is such a horrible sin) that
modern newsreaders like Opera 9.02
Opera in 1st approach is a "browser"
once more it's e-mail-client is not a news-reader, is it ?

Just tried it (9.00 Build 3264 on Mac OS 10.3.9) :
- not found preferences about composing mail
- help mentions anything about that possibility (answer before/after)
- no short-cuts to help typing (selection and targeted move)

As you use FireFox why won't you use ThunderBird ?
TB is an e-mail client offering news-reader's possibilities
as to place cursor at the bottom of answer, typing in text mode ...
They have a newsgroup
called opera.general
Not found in my "Subscribe NewsGroups" I've subscribed
Subscribe to Opera.news then opera.general
nothing more work with mail in my Opera :-(
(not very important : I don't like opera)
Oct 23 '06 #27

P: n/a
smerf wrote:
[...]
If top-posting is so bad, why does Outlook Express default to it?
Outlook Express doesn't write your response, you do. It is logical to
start at the top and work your way down, trimming what is unnecessary or
irrelevant, keeping and replying to what is.

Top posting reverses that logic.

Most of the posts that I read are top posted.
Not in this news group.

If its so bad, why are most posters that I see doing it?
Because they are either lazy or haven't been shown the light - maybe
both. :-)

I guess that I assumed that most people were like me. I don't start in the
middle of a thread. If I am interested in the thread, I read ALL of the
posts, in order.
Then you don't need the body of each and every post in every subsequent
post.

You can't expect to get the whole story otherwise, as
people leave off portions of the conversation as they reply.
If you like starting and the start and working your way through each
post, then trimming replies will not affect your method of reading
newsgroups - it should make it more efficient.

[...]
What if people had to replay the whole conversation each time another person
in the conversation responded? That's what the alternative to top-posting
seems like to me.
Quite the opposite. Top-posting encourages respondents to simply leave
all the previous messages in their reply, whether they have any
relevance to their reply or not.

I post this way to save time.....at least it does for me and I assumed it
did so for everyone else.
So you fit the lazy category and expect everyone else to be lazy too. ;-)

Part of the reason for trimmed quotes is because it means others don't
have to scroll down through other messages to find out what you are
replying to. If you aren't prepared to take the time and effort to make
reading your posts efficient, you can expect people to stop reading and
replying.

Have I assumed too much of humanity yet again - to be able to follow a
conversation without continually re-hashing it over and over again?
More encouragement to not quote at all.
[...]

--
Rob
Oct 23 '06 #28

P: n/a
In message <Xn********************@194.109.133.242>, Mon, 23 Oct 2006
08:14:08, Evertjan. <ex**************@interxnl.netwrites
>smerf wrote on 23 okt 2006 in comp.lang.javascript:
>--
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/

How's this for botom-posting, Randy?

Posting under the "--" that is defined [on its own line] as "everything
below this is signature" will only be read by pure chance in dedicated
news readers.
In some dedicated newsreaders, perhaps. In this one, the entire body is
perfectly visible (if scrolled); but the under-slung material will be
coloured as sig and by default will be cropped on replying.

Smurf should read the references in my signature. Those who comply with
accepted newsgroup norms are more likely to get helpful replies.

--
(c) John Stockton, Surrey, UK. REPLYyyww merlyn demon co uk Turnpike 6.05.
Web <URL:http://www.uwasa.fi/~ts/http/tsfaq.html-Timo Salmi: Usenet Q&A.
Web <URL:http://www.merlyn.demon.co.uk/news-use.htm: about usage of News.
No Encoding. Quotes precede replies. Snip well. Write clearly. Mail no News.
Oct 23 '06 #29

P: n/a
Dr J R Stockton wrote on 23 okt 2006 in comp.lang.javascript:
Smurf should read the references in my signature.
Smerf ... ;-} ;-} ;-}
Those who comply with
accepted newsgroup norms are more likely to get helpful replies.
established newsgroup norms?

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
Oct 23 '06 #30

P: n/a
smerf said the following on 10/23/2006 3:14 AM:
On Mon, 23 Oct 2006 01:24:46 -0400, Randy Webb <Hi************@aol.com>
wrote:
>>
Second, if a site doesn't want to be framed (or IFramed) then you have
to accept that. If you don't want to include a link, then don't.

If you had read my postings on the forums I pointed you to, you'd see
that is exactly what I am going to do.
There is another alternative. Make your site non-script enabled only.
The reverse of script required. Think about it!
The matter (for me) became one of (a) can frame busting pages be
included against thier will (the answer is yes) and (b) why would
somebody elect to use a form of content protection that not only is
ineffective, but limits the audience that may view the page (I still
don't know the answer to that one).
I don't see how using frame busting code "limits the audience" other
than the audience that uses a site to try to frame others contents. You
may not be trying to steal content but that is precisely what got frame
busting code created to start with.
>How do you propose to deal with people like me that have IE7 set to
open new links in a new tab?

As you probably know, navigational links (like those on the left hand
side of www.torrentscan.com) are set to open their pages in a content
frame to the right of the list of search links. IE7 does not change
this behavior. Try it out.
My mistake. I have it set to open all popups in a new tab and thought it
did the same with links (I am in the habit of right clicking and open in
new tab).
(As a side point, IE7's handling of tabs is irritating to me, to say the
least. I can't, for the life of me, find a setting to cause new web
addresses typed into the address bar to open in a new tab. So, I'm
still using Firefox as a primary browser.)
You can't, that I know of. If you want it in a new tab the only way is
to open the new tab and then type the address in.
>Are you going to try to over ride that choice also?

If you are using my site, you understand what it does and how it does
it. If you didn't want to use a site like mine, you wouldn't be there.
And, if you can;t understand how a site like www.torrentscan.com
works...well, there's not a whole lot I can help you with.
I understand how it works and what it is doing. You should see how it
looks for me though. Scrollbars everywhere :\
>If the site you are making is free, then make it, enjoy it, and let
other sites work the way they work.

I will. It will work fine for sites that don't fool themselves into a
false sense of security by using frame busting code. For those that do,
it will inform the user why it won't work with a particular site and
offer alternative sites to the user. (But you already knew all of that
from reading my posts on the forums -right? So, why ask the question?)
I didn't ask a question about it though. I gave you the solution.
Besides, you are the one tauting some magically simple knowledge of how
to trap frame busting pages in a frame. I think you are full of hot
air. Proof of that will be your refusal to reveal your supposedly
simple method. Of course your excuse will be to save the world from me,
but we both know that's not true.
Really? If I give the answer, and it is quite foolproof, will you go away?

<noscript>
...frame code here...
</noscript>
<script type="text/javascript">
document.location.href="whyYouCantUseMySiteWithScr iptEnabled.html";
</script>

Now, bust out of my frames!
If you really had the web's best interest at heart, you would expose
this flaw so that Javascript interpreters could be fixed to prevent it.
It is not a flaw in the JS interpreters though.
The way I found to do it is to pass the request for a web page to a web
service that extracts the core (minus head and body tags) of the page,
tweaks the links to relative URLs, eliminate any obvious attempts at
defeating the content capture by removing offending code and returning
the tweaked page code to be included in a DIV tag on the original page.
Not all that difficult really.
Actually, it's not that simple. You would have to make all the links in
the page point to a page on your server that would redirect/intercept
again. And then you have to deal with JS issues that would result. If a
page has JS in it that modifies the body tag, and you stick it in a div
tag, your scheme is out the window.
I actually don't give a tinker's damn to include pages that use frame
busting code.
Then don't. But how do you propose to not include them? Pre-load them
from the server and scan them? That could get interesting if the code is
buried in an external file.
The only reason I looked into it to begin with is that I
wanted my users to be able to view any site they wanted from the search
page. It's called customer service - something most frame buster admins
have a poor grasp of anyway.
Tis true, tis true.
--Using Opera's revolutionary e-mail client: http://www.opera.com/mail/

How's this for botom-posting, Randy?
First, I didn't ask you to bottom post, and you didn't. I asked you not
to top-post. The posting style you used in this post is interleaved posting.
But, you know, it's the damndest thing...I downloaded Opera 9.02 (their
newest) to try its newsreader and geuss what? It defaults the cursor to
the top of the post for replies - just like EVERY other newsreader.
That begs the question - since top-posting is evidentally immoral - just
why are all of these newsreaders conspiring to place the cursors at the
top of the posts when you click on reply?
So that you start at the top of the post, remove what you aren't
replying to, and reply - interleaved - to what you want to reply to.
Just as you did in this post and as I am doing.
Wouldn't it make more sense (if top posting is such a horrible sin) that
modern newsreaders like Opera 9.02 would place the cursor at the bottom
of the post to begin with?
Actually, no. The top is the best place to place the cursor as that is
where you need to start so you can trim.
Maybe you should let them know of this horrible sin that they are helping
to perpetuate. They have a newsgroup called opera.general if you have a
minute to let them in on this problem.
The problem isn't where they place the cursor, it is placed in the best
place. The problem is what the user does with the cursor there.
Thanks again for your input.
Sure thing. And thank you for yours.

BTW, if top posting is so great in a typed medium, why don't they write
books upside down so you can read them backwards?

--
Randy
Chance Favors The Prepared Mind
comp.lang.javascript FAQ - http://jibbering.com/faq
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
Oct 24 '06 #31

P: n/a

"Randy Webb" <Hi************@aol.comwrote in message
news:3u********************@telcove.net...
smerf said the following on 10/23/2006 3:14 AM:
>On Mon, 23 Oct 2006 01:24:46 -0400, Randy Webb <Hi************@aol.com>
wrote:
>>>
Second, if a site doesn't want to be framed (or IFramed) then you have
to accept that. If you don't want to include a link, then don't.

If you had read my postings on the forums I pointed you to, you'd see
that is exactly what I am going to do.

There is another alternative. Make your site non-script enabled only. The
reverse of script required. Think about it!
But, that would also stop desired web apps from working, wouldn't it?
>
>The matter (for me) became one of (a) can frame busting pages be included
against thier will (the answer is yes) and (b) why would somebody elect
to use a form of content protection that not only is ineffective, but
limits the audience that may view the page (I still don't know the answer
to that one).

I don't see how using frame busting code "limits the audience" other than
the audience that uses a site to try to frame others contents. You may not
be trying to steal content but that is precisely what got frame busting
code created to start with.
I think it limits audiences from link pages. I'll take veiwers from
anywhere.

I understand the need to protect one's content and I agree wholeheartedly
with it. Unfortunately, frame busting is not likely to keep code safe from
any determined content theif. It is more irritant than deterrent.
>
>>How do you propose to deal with people like me that have IE7 set to open
new links in a new tab?

As you probably know, navigational links (like those on the left hand
side of www.torrentscan.com) are set to open their pages in a content
frame to the right of the list of search links. IE7 does not change this
behavior. Try it out.

My mistake. I have it set to open all popups in a new tab and thought it
did the same with links (I am in the habit of right clicking and open in
new tab).
>(As a side point, IE7's handling of tabs is irritating to me, to say the
least. I can't, for the life of me, find a setting to cause new web
addresses typed into the address bar to open in a new tab. So, I'm still
using Firefox as a primary browser.)

You can't, that I know of. If you want it in a new tab the only way is to
open the new tab and then type the address in.
>>Are you going to try to over ride that choice also?

If you are using my site, you understand what it does and how it does it.
If you didn't want to use a site like mine, you wouldn't be there. And,
if you can;t understand how a site like www.torrentscan.com works...well,
there's not a whole lot I can help you with.

I understand how it works and what it is doing. You should see how it
looks for me though. Scrollbars everywhere :\
Is that because of your screen resolution?

What if the links were in a drop down menu across the top instead? That's
what I'm planning so that I can further categorize them and leave the screen
width for the framed content.
>
>>If the site you are making is free, then make it, enjoy it, and let
other sites work the way they work.

I will. It will work fine for sites that don't fool themselves into a
false sense of security by using frame busting code. For those that do,
it will inform the user why it won't work with a particular site and
offer alternative sites to the user. (But you already knew all of that
from reading my posts on the forums -right? So, why ask the question?)

I didn't ask a question about it though. I gave you the solution.
>Besides, you are the one tauting some magically simple knowledge of how
to trap frame busting pages in a frame. I think you are full of hot air.
Proof of that will be your refusal to reveal your supposedly simple
method. Of course your excuse will be to save the world from me, but we
both know that's not true.

Really? If I give the answer, and it is quite foolproof, will you go away?
If it works, I most certainly will.

Is whyYouCantUseMySiteWithScriptEnabled.html the same file that holds the
code you posted below?
>
<noscript>
..frame code here...
</noscript>
<script type="text/javascript">
document.location.href="whyYouCantUseMySiteWithScr iptEnabled.html";
</script>

Now, bust out of my frames!
>If you really had the web's best interest at heart, you would expose this
flaw so that Javascript interpreters could be fixed to prevent it.

It is not a flaw in the JS interpreters though.
Is it browser specific?
>
>The way I found to do it is to pass the request for a web page to a web
service that extracts the core (minus head and body tags) of the page,
tweaks the links to relative URLs, eliminate any obvious attempts at
defeating the content capture by removing offending code and returning
the tweaked page code to be included in a DIV tag on the original page.
Not all that difficult really.

Actually, it's not that simple. You would have to make all the links in
the page point to a page on your server that would redirect/intercept
again. And then you have to deal with JS issues that would result. If a
page has JS in it that modifies the body tag, and you stick it in a div
tag, your scheme is out the window.
I know it will not be simple in the sense that there will be many things I
have to redirect and possibly disable, but the core concept is pretty
straightforward.

Modifying code snippets will also need to be redirected to the DIV instead
of the BODY.
>
>I actually don't give a tinker's damn to include pages that use frame
busting code.

Then don't. But how do you propose to not include them? Pre-load them from
the server and scan them? That could get interesting if the code is buried
in an external file.
I meant not include them in my links. Before adding any pages to the links
section, I would naturally test to see of the author doesn't want to be
framed. If so, I would skip that author's page (not add it to the site
links).
>
>The only reason I looked into it to begin with is that I wanted my users
to be able to view any site they wanted from the search page. It's
called customer service - something most frame buster admins have a poor
grasp of anyway.

Tis true, tis true.
>--Using Opera's revolutionary e-mail client: http://www.opera.com/mail/

How's this for botom-posting, Randy?

First, I didn't ask you to bottom post, and you didn't. I asked you not to
top-post. The posting style you used in this post is interleaved posting.
Is interleaved posting acceptable? I do this all the time.
>
>But, you know, it's the damndest thing...I downloaded Opera 9.02 (their
newest) to try its newsreader and geuss what? It defaults the cursor to
the top of the post for replies - just like EVERY other newsreader. That
begs the question - since top-posting is evidentally immoral - just why
are all of these newsreaders conspiring to place the cursors at the top
of the posts when you click on reply?

So that you start at the top of the post, remove what you aren't replying
to, and reply - interleaved - to what you want to reply to. Just as you
did in this post and as I am doing.
Done.
>
>Wouldn't it make more sense (if top posting is such a horrible sin) that
modern newsreaders like Opera 9.02 would place the cursor at the bottom
of the post to begin with?

Actually, no. The top is the best place to place the cursor as that is
where you need to start so you can trim.
>Maybe you should let them know of this horrible sin that they are helping
to perpetuate. They have a newsgroup called opera.general if you have a
minute to let them in on this problem.

The problem isn't where they place the cursor, it is placed in the best
place. The problem is what the user does with the cursor there.
>Thanks again for your input.

Sure thing. And thank you for yours.

BTW, if top posting is so great in a typed medium, why don't they write
books upside down so you can read them backwards?
I rather think of this medium as a series of open letters. In writing
letters, I have never been one to liberally quote from the letter to which
I am responding. The author knows what s/he wrote. And, here, what the
author wrote is public record.

I guess I just thought that the people following the thread would be
interested enough to read the messages in order - like the chapters of a
book. You wouldn't expect Chapter 2 to quote liberally from Chapter 1,
would you? The author of Chapter 2 rightly assumes (as did I) that you have
read Chapter 1.

Thanks again for your post!

I'll play with this code tomorrow and let you know what I find.

Smerf
"We're in this mess because the ignorant are cock-sure and the intelligent
are filled with doubt."
Oct 24 '06 #32

P: n/a
smerf said the following on 10/24/2006 2:11 AM:
"Randy Webb" <Hi************@aol.comwrote in message
news:3u********************@telcove.net...
>smerf said the following on 10/23/2006 3:14 AM:
>>On Mon, 23 Oct 2006 01:24:46 -0400, Randy Webb <Hi************@aol.com>
wrote:

Second, if a site doesn't want to be framed (or IFramed) then you have
to accept that. If you don't want to include a link, then don't.
If you had read my postings on the forums I pointed you to, you'd see
that is exactly what I am going to do.
There is another alternative. Make your site non-script enabled only. The
reverse of script required. Think about it!

But, that would also stop desired web apps from working, wouldn't it?
Depends on how you look at it and what you call a desired web app :)
But, yes it would. It would allow you to stop frame busters also.
>>The matter (for me) became one of (a) can frame busting pages be included
against thier will (the answer is yes) and (b) why would somebody elect
to use a form of content protection that not only is ineffective, but
limits the audience that may view the page (I still don't know the answer
to that one).
I don't see how using frame busting code "limits the audience" other than
the audience that uses a site to try to frame others contents. You may not
be trying to steal content but that is precisely what got frame busting
code created to start with.

I think it limits audiences from link pages. I'll take veiwers from
anywhere.
And limit what you show them because of ignorance on the part of a page
author?
I understand the need to protect one's content and I agree wholeheartedly
with it. Unfortunately, frame busting is not likely to keep code safe from
any determined content theif. It is more irritant than deterrent.
Possibly, but it is something to be dealt with.

<snip>
>>>Are you going to try to over ride that choice also?
If you are using my site, you understand what it does and how it does it.
If you didn't want to use a site like mine, you wouldn't be there. And,
if you can;t understand how a site like www.torrentscan.com works...well,
there's not a whole lot I can help you with.
I understand how it works and what it is doing. You should see how it
looks for me though. Scrollbars everywhere :\

Is that because of your screen resolution?
Not so much my resolution but my preferred size of my browser window.
The resolution is 1024x768 at the moment but my IE window is only about
500x350 (1/4 of the monitor or so) so it throws scrollbars everywhere.
What if the links were in a drop down menu across the top instead? That's
what I'm planning so that I can further categorize them and leave the screen
width for the framed content.
That would be much better than the left side navigation is. It allows
for easier reading.
>>>If the site you are making is free, then make it, enjoy it, and let
other sites work the way they work.
I will. It will work fine for sites that don't fool themselves into a
false sense of security by using frame busting code. For those that do,
it will inform the user why it won't work with a particular site and
offer alternative sites to the user. (But you already knew all of that
from reading my posts on the forums -right? So, why ask the question?)
I didn't ask a question about it though. I gave you the solution.
>>Besides, you are the one tauting some magically simple knowledge of how
to trap frame busting pages in a frame. I think you are full of hot air.
Proof of that will be your refusal to reveal your supposedly simple
method. Of course your excuse will be to save the world from me, but we
both know that's not true.
Really? If I give the answer, and it is quite foolproof, will you go away?

If it works, I most certainly will.

Is whyYouCantUseMySiteWithScriptEnabled.html the same file that holds the
code you posted below?
No, its a file that explains why you won't allow the site to work with
scripting enabled (so you can defeat frame busters). It's not a viable
solution but it's fool proof in that you can't use script to frame bust
if script is disabled.
><noscript>
..frame code here...
</noscript>
<script type="text/javascript">
document.location.href="whyYouCantUseMySiteWithSc riptEnabled.html";
</script>

Now, bust out of my frames!
>>If you really had the web's best interest at heart, you would expose this
flaw so that Javascript interpreters could be fixed to prevent it.
It is not a flaw in the JS interpreters though.

Is it browser specific?
Not at all.

<snip>
Modifying code snippets will also need to be redirected to the DIV instead
of the BODY.
And if the content is created using document.write or DOM methods you
are even worse off. It's not even as viable as noscript, especially with
the advent of the number of ajax driven sites on the web.
>>I actually don't give a tinker's damn to include pages that use frame
busting code.
Then don't. But how do you propose to not include them? Pre-load them from
the server and scan them? That could get interesting if the code is buried
in an external file.

I meant not include them in my links. Before adding any pages to the links
section, I would naturally test to see of the author doesn't want to be
framed. If so, I would skip that author's page (not add it to the site
links).
Sounds like censorship to me :)
>>The only reason I looked into it to begin with is that I wanted my users
to be able to view any site they wanted from the search page. It's
called customer service - something most frame buster admins have a poor
grasp of anyway.
Tis true, tis true.
>>--Using Opera's revolutionary e-mail client: http://www.opera.com/mail/

How's this for botom-posting, Randy?
First, I didn't ask you to bottom post, and you didn't. I asked you not to
top-post. The posting style you used in this post is interleaved posting.

Is interleaved posting acceptable? I do this all the time.
Absolutely! :)

<snip>
>BTW, if top posting is so great in a typed medium, why don't they write
books upside down so you can read them backwards?

I rather think of this medium as a series of open letters. In writing
letters, I have never been one to liberally quote from the letter to which
I am responding. The author knows what s/he wrote. And, here, what the
author wrote is public record.
Not necessarily available at the time of reading the post though. And
USENET isn't a one to one medium, as you know.

--
Randy
Chance Favors The Prepared Mind
comp.lang.javascript FAQ - http://jibbering.com/faq
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
Oct 24 '06 #33

P: n/a

"Randy Webb" <Hi************@aol.comwrote in message
news:55********************@telcove.net...
smerf said the following on 10/24/2006 2:11 AM:
>"Randy Webb" <Hi************@aol.comwrote in message
news:3u********************@telcove.net...
>>smerf said the following on 10/23/2006 3:14 AM:
On Mon, 23 Oct 2006 01:24:46 -0400, Randy Webb <Hi************@aol.com>
wrote:

Second, if a site doesn't want to be framed (or IFramed) then you have
to accept that. If you don't want to include a link, then don't.
If you had read my postings on the forums I pointed you to, you'd see
that is exactly what I am going to do.
There is another alternative. Make your site non-script enabled only.
The reverse of script required. Think about it!

But, that would also stop desired web apps from working, wouldn't it?

Depends on how you look at it and what you call a desired web app :) But,
yes it would. It would allow you to stop frame busters also.
While it is not what I am trying to do (force pages into frames unaltered),
I can see situations in which it would be useful.
>
>>>The matter (for me) became one of (a) can frame busting pages be
included against thier will (the answer is yes) and (b) why would
somebody elect to use a form of content protection that not only is
ineffective, but limits the audience that may view the page (I still
don't know the answer to that one).
I don't see how using frame busting code "limits the audience" other
than the audience that uses a site to try to frame others contents. You
may not be trying to steal content but that is precisely what got frame
busting code created to start with.

I think it limits audiences from link pages. I'll take veiwers from
anywhere.

And limit what you show them because of ignorance on the part of a page
author?
Yes. Frame busting pages will kick them out of my page.

Now, if there were a way to show frame busting pages with reduced
functionality (and alert the user to that reduced functionality) without
hitting my server and "tweaking" every page - THAT woudl be something
interesting.
>
>I understand the need to protect one's content and I agree wholeheartedly
with it. Unfortunately, frame busting is not likely to keep code safe
from any determined content theif. It is more irritant than deterrent.

Possibly, but it is something to be dealt with.
<snip>
>>Really? If I give the answer, and it is quite foolproof, will you go
away?

If it works, I most certainly will.

Is whyYouCantUseMySiteWithScriptEnabled.html the same file that holds the
code you posted below?

No, its a file that explains why you won't allow the site to work with
scripting enabled (so you can defeat frame busters). It's not a viable
solution but it's fool proof in that you can't use script to frame bust if
script is disabled.
So this is not accomplishing what I set out to do - to show an author's page
unaltered (from the surfers point of view) in a frame even though the author
may be using frame busting techniques.

It may show the frame busting page (ONLY if you have javascript disabled in
your browser agent), but it breaks all javascript, disabling all dynamic
pages (which are the majority of pages that people wish to visit). That
means no ajax apps and no dynamic web pages - no MySpace, no YouTube, etc. -
no dynamic javascript pages which are how most dynamic pages work these
days.

I think I'd rather give them full access to non-frame-busting pages than
only static viewing of all pages.

Besides which, most javascript enabled pages (if they are at all
sophisticated) will not even show their core content if javascript is
disabled - so I'd still have to scrape the guts out of the page using my
server option.
>
>><noscript>
..frame code here...
</noscript>
<script type="text/javascript">
document.location.href="whyYouCantUseMySiteWithS criptEnabled.html";
</script>

Now, bust out of my frames!

If you really had the web's best interest at heart, you would expose
this flaw so that Javascript interpreters could be fixed to prevent it.
It is not a flaw in the JS interpreters though.

Is it browser specific?

Not at all.

<snip>
>Modifying code snippets will also need to be redirected to the DIV
instead of the BODY.

And if the content is created using document.write or DOM methods you are
even worse off. It's not even as viable as noscript, especially with the
advent of the number of ajax driven sites on the web.
I don't think this is true. There will need to be a lot of backend work to
convert pages...but it can definitely be done.
>
>>>I actually don't give a tinker's damn to include pages that use frame
busting code.
Then don't. But how do you propose to not include them? Pre-load them
from the server and scan them? That could get interesting if the code is
buried in an external file.

I meant not include them in my links. Before adding any pages to the
links section, I would naturally test to see of the author doesn't want
to be framed. If so, I would skip that author's page (not add it to the
site links).

Sounds like censorship to me :)
Self censorship - by the authors no less. Go figure. I never would have
guessed that web authors would object to someone showing their content. You
just have to be smart about it. All of my websites are prtty much image
based.

It takes a little more bandwidth, but it displays the same on every browser
regardless of font settings or browser agent inconsistencies. My sites look
the same in IE or Firefox or Opera or Safari - on MAC, PC or Linux. Its not
508 to be sure, but it keeps the sites looking the way they were designed
and makes content theft even harder as the content itself is image based
(that's right, no text).

It has its down sides I'm sure...but I'm happy enough with the up sides to
stick with it.

<snip>
>>BTW, if top posting is so great in a typed medium, why don't they write
books upside down so you can read them backwards?

I rather think of this medium as a series of open letters. In writing
letters, I have never been one to liberally quote from the letter to
which I am responding. The author knows what s/he wrote. And, here,
what the author wrote is public record.

Not necessarily available at the time of reading the post though. And
USENET isn't a one to one medium, as you know.
Lucky for ua all, Google keeps all of these threads and messages archived
and available via the free Google Groups web interface. So, if you are
missing articles - Google Group the thread.

Smerf
Oct 24 '06 #34

P: n/a
smerf said the following on 10/24/2006 2:51 PM:
"Randy Webb" <Hi************@aol.comwrote in message
news:55********************@telcove.net...
<snip>
Frame busting pages will kick them out of my page.
That one line says the crux of this entire page. And there is only two
things to do to stop it and JS on the client can't do either one.

<snip>
>And if the content is created using document.write or DOM methods you are
even worse off. It's not even as viable as noscript, especially with the
advent of the number of ajax driven sites on the web.

I don't think this is true. There will need to be a lot of backend work to
convert pages...but it can definitely be done.
That I don't believe. Not without a full blown JS parser on the server
any way.

<snip>
>Sounds like censorship to me :)

Self censorship - by the authors no less.
The authors are censoring your site? Surely you jest. You are the one
censoring it.

<snip>
>Not necessarily available at the time of reading the post though. And
USENET isn't a one to one medium, as you know.

Lucky for ua all, Google keeps all of these threads and messages archived
and available via the free Google Groups web interface. So, if you are
missing articles - Google Group the thread.
Normally, I would agree with that. But I used AOL for a very long time
to access Usenet (I don't use it anymore for Usenet) but I have waited
up to 2 days for a message to appear in Google that HTML code in it (AOL
rendered the HTML so it made it impossible to read code) that would
appear in the AOL Usenet within minutes. Even now, Google doesn't always
get the message anytime soon (I still see lags in my own messages of up
to 4 hours to appear in Google). The only exception is if you post from
Google Groups then it appears instantly.

--
Randy
Chance Favors The Prepared Mind
comp.lang.javascript FAQ - http://jibbering.com/faq
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
Oct 26 '06 #35

P: n/a
"Randy Webb" <Hi************@aol.comwrote in message
news:br********************@telcove.net...
smerf said the following on 10/24/2006 2:51 PM:
>"Randy Webb" <Hi************@aol.comwrote in message
news:55********************@telcove.net...

<snip>
>Frame busting pages will kick them out of my page.

That one line says the crux of this entire page. And there is only two
things to do to stop it and JS on the client can't do either one.
Your solution is not viable. You can't expect everyone to turn off
Javascript. It would break far too many great sites just to see a few
paranoid sites. I will not put my users through that.

With the BILLIONS of web pages out there, they can probably find the same
information and abilities on another less paranoid site. In fact, the
paranoid's site has probably been replicated somewhere else on the web
anyway (even with thier frame busting code - and probably because of it).
>
<snip>
>>And if the content is created using document.write or DOM methods you
are even worse off. It's not even as viable as noscript, especially with
the advent of the number of ajax driven sites on the web.

I don't think this is true. There will need to be a lot of backend work
to convert pages...but it can definitely be done.

That I don't believe. Not without a full blown JS parser on the server any
way.
You don't need anything special. On a Windows server, using .Net, you can
use a webbrowser object to get the page and strip the code from the DOM.
(There is a gecko activex control that will allow the same thing - use the
one appropriate for the end user's browser.)
>
<snip>
>>Sounds like censorship to me :)

Self censorship - by the authors no less.

The authors are censoring your site? Surely you jest. You are the one
censoring it.
Hardly. I want to include thier sites remember? That's the ENTIRE reason
for the start of this thread. No...if they want to be on their own by
acting like a cat dropping acid...so be it. I'll happily include their site
of they drop the frame busting code (or add code to their framebusting code
to allow my site to trap their site while kicking out of others). Whether
they are included or not is entirely up to them - not me. Instructions for
inclusion will be posted for any site that kicks out.
>
<snip>
>>Not necessarily available at the time of reading the post though. And
USENET isn't a one to one medium, as you know.

Lucky for ua all, Google keeps all of these threads and messages archived
and available via the free Google Groups web interface. So, if you are
missing articles - Google Group the thread.

Normally, I would agree with that. But I used AOL for a very long time to
access Usenet (I don't use it anymore for Usenet)
AOL dropped USENET. I hate AOL - cheap bastards....charging people for
access and THEN advertising like a spammer on meth to them anyway.

I'd like to give an IQ test to all AOL users. I think the results would be
entertaining - not necc surprising.
but I have waited up to 2 days for a message to appear in Google that HTML
code in it (AOL rendered the HTML so it made it impossible to read code)
that would appear in the AOL Usenet within minutes. Even now, Google
doesn't always get the message anytime soon (I still see lags in my own
messages of up to 4 hours to appear in Google). The only exception is if
you post from Google Groups then it appears instantly.
There is a lag there....but if you are too late to see some of the messages
(as most services keep text messages for 30+ days) they are probably already
there.

--
Smerf
"Why don't pet food companies make mouse flavored cat food?"
Oct 27 '06 #36

P: n/a
smerf said the following on 10/26/2006 11:33 PM:
"Randy Webb" <Hi************@aol.comwrote in message
news:br********************@telcove.net...
>smerf said the following on 10/24/2006 2:51 PM:
>>"Randy Webb" <Hi************@aol.comwrote in message
news:55********************@telcove.net...
<snip>
I started to snip everything in this post that had anything to do with
how to maintain a page in a frame - using client side scripting - when
the page author had script in the page to bust out of frames but then I
realized there wouldn't be anything left in this post.
>>Frame busting pages will kick them out of my page.
That one line says the crux of this entire page. And there is only two
things to do to stop it and JS on the client can't do either one.

Your solution is not viable.
Don't confuse viable and acceptable. If your content is important
enough, then it becomes very viable to get people to disable JS to view
your page.
You can't expect everyone to turn off Javascript.
You can't expect everyone to turn it on or even have it available to be
turned on.
It would break far too many great sites just to see a few
paranoid sites. I will not put my users through that.
Yet you want to limit the pages they can see because of your own warped
beliefs about internet security. How intuitive.
With the BILLIONS of web pages out there, they can probably find the same
information and abilities on another less paranoid site. In fact, the
paranoid's site has probably been replicated somewhere else on the web
anyway (even with thier frame busting code - and probably because of it).
And you can find another site such as yours (they are quite abundant)
that doesn't censor out sites based on a simple frame busting script.
><snip>
>>>And if the content is created using document.write or DOM methods you
are even worse off. It's not even as viable as noscript, especially with
the advent of the number of ajax driven sites on the web.
I don't think this is true. There will need to be a lot of backend work
to convert pages...but it can definitely be done.
That I don't believe. Not without a full blown JS parser on the server any
way.

You don't need anything special. On a Windows server, using .Net, you can
use a webbrowser object to get the page and strip the code from the DOM.
I still don't believe it. If I have code that manipulates the document
based on parentNode and childNode and comparing them to the structure of
my own document then you will *HAVE* to have an HTML parser and a JS
parser on your server to be able to properly transform it work in your
div tag.

But, just for kicks and giggles, please tell me how you would transform
code that manipulates style sheets using IE's
document.styleSheets[0].rules without a JS/CSS/HTML parser on the
server. Please oh please do post code that can do that!
(There is a gecko activex control that will allow the same thing - use the
one appropriate for the end user's browser.)
What does the end user's browser have to do with what you are going to
do on the server?
><snip>
>>>Sounds like censorship to me :)
Self censorship - by the authors no less.
The authors are censoring your site? Surely you jest. You are the one
censoring it.

Hardly. I want to include thier sites remember? That's the ENTIRE reason
for the start of this thread.
No, the entire reason for this thread was you want to frame a site that
has explicitly attempted to keep you from framing it.
No...if they want to be on their own by acting like a cat dropping acid...so
be it. I'll happily include their site of they drop the frame busting code
(or add code to their framebusting code to allow my site to trap their site
while kicking out of others).
And I have told you already that it is impossible for an outside site to
add code to allow you to identify it, or, for it to identify your frame
set. It can't read the URL of the frameset for the same reason you can't
access the frame code. Its a security violation.
Whether they are included or not is entirely up to them - not me. Instructions
for inclusion will be posted for any site that kicks out.
You are amazing, totally amazing. You want to change the way a site
works and instead of talking to that site you are here complaining about
not being able to change the code from another site.
><snip>
>>>Not necessarily available at the time of reading the post though. And
USENET isn't a one to one medium, as you know.
Lucky for ua all, Google keeps all of these threads and messages archived
and available via the free Google Groups web interface. So, if you are
missing articles - Google Group the thread.
Normally, I would agree with that. But I used AOL for a very long time to
access Usenet (I don't use it anymore for Usenet)

AOL dropped USENET.
Your mastery of the obvious is overwhelming at times.
>I hate AOL - cheap bastards....charging people for access and THEN advertising
like a spammer on meth to them anyway.
I am not getting into a debate with you about AOL and the marketing
practices of AOL. But, needless to say, if you think AOL charges for
"access" then it explains just how much of AOL you actually understand.
And it also displays *your* IQ level as AOL is free to broadband users.
Perhaps you should spend some time reading up on what it is that you
babble about before you babble about it.
I'd like to give an IQ test to all AOL users. I think the results would be
entertaining - not necc surprising.
Considering your own display of IQ level, I doubt you are in a position
to accurately determine the IQ of *anybody* much less an AOL user.
>but I have waited up to 2 days for a message to appear in Google that HTML
code in it (AOL rendered the HTML so it made it impossible to read code)
that would appear in the AOL Usenet within minutes. Even now, Google
doesn't always get the message anytime soon (I still see lags in my own
messages of up to 4 hours to appear in Google). The only exception is if
you post from Google Groups then it appears instantly.

There is a lag there....but if you are too late to see some of the messages
(as most services keep text messages for 30+ days) they are probably already
there.
You went from finding an old message to finding a new message. Please
learn to read, and comprehend what you read, before commenting on what
you attempted to read.

--
Randy
Chance Favors The Prepared Mind
comp.lang.javascript FAQ - http://jibbering.com/faq
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
Oct 27 '06 #37

P: n/a


"Randy Webb" <Hi************@aol.comwrote in message
news:IJ********************@telcove.net...
smerf said the following on 10/26/2006 11:33 PM:
>"Randy Webb" <Hi************@aol.comwrote in message
news:br********************@telcove.net...
>>smerf said the following on 10/24/2006 2:51 PM:
"Randy Webb" <Hi************@aol.comwrote in message
news:55********************@telcove.net...
<snip>
>No...if they want to be on their own by acting like a cat dropping
acid...so be it. I'll happily include their site of they drop the frame
busting code (or add code to their framebusting code to allow my site to
trap their site while kicking out of others).

And I have told you already that it is impossible for an outside site to
add code to allow you to identify it, or, for it to identify your frame
set. It can't read the URL of the frameset for the same reason you can't
access the frame code. Its a security violation.
I will leave you with your misconceptions. Although you are technically
right in saying that a page in an iFrame cannot directly access the parent's
URL - you are wrong in suggestion that the URL is not accessible from the
parent.

You are over-thinking this.

This concludes my correspondence with you on this matter.

Good day, sir!

I SAID GOOD DAY!

--
Smerf
"Why don't pet food companies make mouse flavored cat food?"
Oct 27 '06 #38

P: n/a
"smerf" <sm***@shroom.comwrote in message
news:88****************@bignews8.bellsouth.net...
>

"Randy Webb" <Hi************@aol.comwrote in message
news:IJ********************@telcove.net...
>smerf said the following on 10/26/2006 11:33 PM:
>>"Randy Webb" <Hi************@aol.comwrote in message
news:br********************@telcove.net...
smerf said the following on 10/24/2006 2:51 PM:
"Randy Webb" <Hi************@aol.comwrote in message
news:55********************@telcove.net...

<snip>
>>No...if they want to be on their own by acting like a cat dropping
acid...so be it. I'll happily include their site of they drop the frame
busting code (or add code to their framebusting code to allow my site to
trap their site while kicking out of others).

And I have told you already that it is impossible for an outside site to
add code to allow you to identify it, or, for it to identify your frame
set. It can't read the URL of the frameset for the same reason you can't
access the frame code. Its a security violation.

I will leave you with your misconceptions. Although you are technically
right in saying that a page in an iFrame cannot directly access the
parent's URL - you are wrong in suggestion that the URL is not accessible
from the parent.
In fact, the URL can be encoded in such a way as to defeat most (IMHO you
should never say all) attempts at masquerading as my site.

This means that sites that want to opt-in can do so without fear that
another site may masquerade as my site and also display their content.

This beast just may not be dead yet...

--
Smerf
"Why don't pet food companies make mouse flavored cat food?"
Oct 27 '06 #39

P: n/a
smerf said the following on 10/27/2006 5:17 AM:
"Randy Webb" <Hi************@aol.comwrote in message
news:IJ********************@telcove.net...
>smerf said the following on 10/26/2006 11:33 PM:
>>"Randy Webb" <Hi************@aol.comwrote in message
news:br********************@telcove.net...
smerf said the following on 10/24/2006 2:51 PM:
"Randy Webb" <Hi************@aol.comwrote in message
news:55********************@telcove.net...

<snip>
>>No...if they want to be on their own by acting like a cat dropping
acid...so be it. I'll happily include their site of they drop the frame
busting code (or add code to their framebusting code to allow my site to
trap their site while kicking out of others).
And I have told you already that it is impossible for an outside site to
add code to allow you to identify it, or, for it to identify your frame
set. It can't read the URL of the frameset for the same reason you can't
access the frame code. Its a security violation.

I will leave you with your misconceptions.
My "misconception" that script in a frame window from a second domain
can't access the URL of the frameset? Prove me wrong or move on.
Although you are technically right in saying that a page in an iFrame cannot
directly access the parent's URL -
I knew that from the start. At least you are beginning to realize it
yourself.
you are wrong in suggestion that the URL is not accessible from the parent.
I have yet to suggest that a document with an IFrame in it can't access
it's own URL. I said the child document - from a different domain - can
*not* access the URL of the parent. Again, learn to read and comprehend
what you are babbling about before you babble about it.

--
Randy
Chance Favors The Prepared Mind
comp.lang.javascript FAQ - http://jibbering.com/faq
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
Oct 28 '06 #40

P: n/a
"Randy Webb" <Hi************@aol.comwrote in message
news:85********************@telcove.net...

<snip>
>you are wrong in suggestion that the URL is not accessible from the
parent.

I have yet to suggest that a document with an IFrame in it can't access
it's own URL. I said the child document - from a different domain - can
*not* access the URL of the parent. Again, learn to read and comprehend
what you are babbling about before you babble about it.
And you are mistaken.

I say that I can make the URL of a parent accessible to any child
frame/iframe by simply reading a variable from the parent. The parent
passes nothing to the frame/iframe until asked and no 3rd party servers are
involved - its just the parent and child frames.

The parent's URL can be made accessible to any child frame/iframe if the
coder of the parent chooses to do so and the information (any information
really) can be passed between parent and child regardless of domain.

Better yet, I can open a frameset in Domain A that houses an iframe from
MyDomainB and a second iframe from MyDomainC, and I can transfer any data I
wish between the iframes from different domains using only javascript in the
iframes - no code needed in the frameset.

I wish there were an open way that we could meet in a challenge to prove
this.

But, what would be the payoff? What will you put on the table?

Besides, you'd only make excuses that you already knew how to do it or that
my method doesn't count or some ridiculous crap - even if I showed you how.

Smerf
Oct 28 '06 #41

P: n/a
smerf said the following on 10/28/2006 2:34 AM:
"Randy Webb" <Hi************@aol.comwrote in message
news:85********************@telcove.net...

<snip>
>>you are wrong in suggestion that the URL is not accessible from the
parent.
I have yet to suggest that a document with an IFrame in it can't access
it's own URL. I said the child document - from a different domain - can
*not* access the URL of the parent. Again, learn to read and comprehend
what you are babbling about before you babble about it.

And you are mistaken.
No, I am not mistaken. And you are starting to bore me.
I say that I can make the URL of a parent accessible to any child
frame/iframe by simply reading a variable from the parent. The parent
passes nothing to the frame/iframe until asked and no 3rd party servers are
involved - its just the parent and child frames.
If and only if they are in the same domain. IF they are in different
sub-domains then you can circumvent it - to an extent - by setting
document.domain in each page.
The parent's URL can be made accessible to any child frame/iframe if the
coder of the parent chooses to do so and the information (any information
really) can be passed between parent and child regardless of domain.
Not using 100% client side script. You can do it using the server but
not in the client - not in a default security environment. You can do it
if you set the security settings in your browser to "I am insanely
stupid so do what you want with my PC".
Better yet, I can open a frameset in Domain A that houses an iframe from
MyDomainB and a second iframe from MyDomainC, and I can transfer any data I
wish between the iframes from different domains using only javascript in the
iframes - no code needed in the frameset.
Setting document.domain. Its trivial.
I wish there were an open way that we could meet in a challenge to prove
this.
It's simple and trivial. This file:

<URL: http://members.aol.com/_ht_a/askhikk/smerf.html>

Is nothing more than a simple HTML with an input. It asks for your name.

You want to prove me wrong? Make a frameset page with two frames. One
frame for your file, point the URL for the second frame to the above
file. Then, write client side code that will, without going to the
server, read the value of what I type into that input.

If you can, then you are right. If you can't, then you are wrong. If you
are right though, there are a ton of cons on the web that will pay you
to learn how to do it.
But, what would be the payoff? What will you put on the table?
That depends on what *you* are willing to "put on the table".
Besides, you'd only make excuses that you already knew how to do it or that
my method doesn't count or some ridiculous crap - even if I showed you how.
You can't without using the server to retrieve the page. If the pages
are in the same domain but different sub-domains then setting
document.domain does the trick.

Now, put up or shut up. Either prove me wrong or accept that you can't
and move on!

--
Randy
Chance Favors The Prepared Mind
comp.lang.javascript FAQ - http://jibbering.com/faq
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
Oct 29 '06 #42

P: n/a
"Randy Webb" <Hi************@aol.comwrote in message
news:0d********************@telcove.net...
smerf said the following on 10/28/2006 2:34 AM:
>"Randy Webb" <Hi************@aol.comwrote in message
news:85********************@telcove.net...

<snip>
>>>you are wrong in suggestion that the URL is not accessible from the
parent.
I have yet to suggest that a document with an IFrame in it can't access
it's own URL. I said the child document - from a different domain - can
*not* access the URL of the parent. Again, learn to read and comprehend
what you are babbling about before you babble about it.

And you are mistaken.

No, I am not mistaken. And you are starting to bore me.
Me bore you? That's rich......
>
>I say that I can make the URL of a parent accessible to any child
frame/iframe by simply reading a variable from the parent. The parent
passes nothing to the frame/iframe until asked and no 3rd party servers
are involved - its just the parent and child frames.

If and only if they are in the same domain. IF they are in different
sub-domains then you can circumvent it - to an extent - by setting
document.domain in each page.
No. Even if they are in seperate domains. And, I'll look into that
document.domain thing - I hadn't seen that one.
>
>The parent's URL can be made accessible to any child frame/iframe if the
coder of the parent chooses to do so and the information (any information
really) can be passed between parent and child regardless of domain.

Not using 100% client side script. You can do it using the server but not
in the client - not in a default security environment. You can do it if
you set the security settings in your browser to "I am insanely stupid so
do what you want with my PC".
Yes, using 100% client side script. To pass data from parent to child does
require that you place code into both pages. It will only work when both
parties agree and code for it - so there is no inherent danger to anyone's
content with what I am talking about.
>
>Better yet, I can open a frameset in Domain A that houses an iframe from
MyDomainB and a second iframe from MyDomainC, and I can transfer any data
I wish between the iframes from different domains using only javascript
in the iframes - no code needed in the frameset.

Setting document.domain. Its trivial.
Like I said, I didn't know about document.domain. This is entirely
different.

I can use it to expose any data I wish from the parent so that the children
can read it. If the child page authors wish to do so, they can expose data
to my parent page using the same channel.
>
>I wish there were an open way that we could meet in a challenge to prove
this.

It's simple and trivial. This file:

<URL: http://members.aol.com/_ht_a/askhikk/smerf.html>

Is nothing more than a simple HTML with an input. It asks for your name.

You want to prove me wrong? Make a frameset page with two frames. One
frame for your file, point the URL for the second frame to the above file.
Then, write client side code that will, without going to the server, read
the value of what I type into that input.
Please read my posts before ranting in the future. You will note that I
said "MyDomain B' and "MyDomain C". These are domains and pages under my
control as I would need to inject code to transfer the data.

Please also note that I said that I could make any data available from my
parent (in my domain) to any child frame (from any domain) and (if the child
author know what to look for) the child author can read my data and send me
data through the same channel. This is done with 100% pure client side
Javascript. No server side code needed.

And, as the child author is in control of what he shares (as am I) there is
no need to fear the open channel. I cannot make him share data he does not
want to and he cannot do that to me. This is an opt-in, data sharing
channel.
>
If you can, then you are right. If you can't, then you are wrong. If you
are right though, there are a ton of cons on the web that will pay you to
learn how to do it.
I am not interested in teaching this to others. (A) I hate cons. (B) It
would increase my competition.
>
>But, what would be the payoff? What will you put on the table?

That depends on what *you* are willing to "put on the table".
Nothing. I have found a lucrative way to profit from this knowledge and
doubt that you could make it worth my time to discuss it with you any
further.
>
>Besides, you'd only make excuses that you already knew how to do it or
that my method doesn't count or some ridiculous crap - even if I showed
you how.

You can't without using the server to retrieve the page. If the pages are
in the same domain but different sub-domains then setting document.domain
does the trick.
Nope - entirely different domains.
>
Now, put up or shut up. Either prove me wrong or accept that you can't and
move on!
I am moving on. I am going to put this to work in a very visible, very
public way - very soon (4 weeks tops - beta in 2).

That is infinitely more lucrative than trying to teach you to think outside
your cat box.

Two parting words for you before I go.....Dale Carnegie.

--
Smerf
"Why don't pet food companies make mouse flavored cat food?"
Oct 29 '06 #43

This discussion thread is closed

Replies have been disabled for this discussion.