View Full Version : prevent breaking out of frames

04-04-2005, 09:42 AM
Hi everyone.

There are plenty of scripts that if your webpage gets displayed in a frame they will break out of it. Now my problem. Is it possible to prevent this breaking out of frames and forcing the webpage to display in a frame?

04-04-2005, 09:56 AM
If you don't own the page, you can't. Are you trying to frame external sites? For security reasons, javascript doesn't have access to pages in other domain. Imagine your site can be manipulated by other sites, would you want that? :p

04-04-2005, 10:00 AM
I wouldnt want that my pages gets changed by a different script.

So there is really no way that makes it possible to prevent that? As said I only want to prevent the breaking out of frames nothing else.

04-04-2005, 10:16 AM
No way. You need to programmatically change the code for frame breakout script, so if you allow other sites to change your code, it would open a big hole for malicious things that would make the web a mess.

04-04-2005, 10:24 AM
ok. Thanks for your help.

06-26-2006, 07:20 PM
Hi! I'm having similar problem. My website has some pages which appear in frames from external sources. It has been agreed with the owner of the other site that the pages I link to have 'no break out of frame script'. But a few times I had the problem where for some reason they have forgotten about me and included the script again.

Does anyone know if it is possible to detect a page that will break out of the frames? If this possible I would like to be able to detect it and if it I going to break out of the frames have an alterative page load instead. Also have similar problem where the page has be removed and then nothing loads. Detecting before it loads and having an alterative page would also solve this problem.

Any Ideas? Thank you

06-26-2006, 07:59 PM
There isn't anything you can do because there is no way for javascript to read the external page, sorry.

06-26-2006, 10:00 PM
I know javascript can't read the external page. Is there anything else that could?

Is there anyway without reading the external page. Is it possible to catch the page as it loads in the current browser?

06-26-2006, 11:02 PM
You are still going to have to read the external page some how. You might be able to do with the php file_get_contents() function (http://us2.php.net/file_get_contents). It returns the code of a page as a string. You can try searching for the elements that are common in break out of frames script and if found load a different page by echoing out a javascript or meta redirect. Pay attention to this tip on the php.net page

Tip: You can use a URL as a filename with this function if the fopen wrappers have been enabled. See fopen() for more details on how to specify the filename and Appendix M for a list of supported URL protocols.
I don't know if this is enabled by default.

07-08-2006, 09:35 PM
Hi! can anyone help me solve this? can anyone write me some script? can't afford to pay you much but we can discuss it and come to some sort of arrangement. Not post in "Paid work offers and requests" as I'm not sure if want I'm asking is possible.

07-09-2006, 02:44 AM
Did you even read my post?

07-09-2006, 08:26 PM
Yes, I have read your post! Not filmar with php. And would the way you suggested would mean i would have find to every possible script that could break frames and if missed one it might not work?

07-09-2006, 09:07 PM
Yep if you missed one, it won't work correctly.

07-09-2006, 11:03 PM
If it is your page and you want it to always appear within frames then you can add javascript to your page that will load the frameset when the page is accessed from anywhere except the frameset.

See http://javascript.about.com/library/blframe.htm for more info on how to do it.

07-10-2006, 01:47 AM
They are wanting to replace the location of the frame with a different url if they 'detect' a break out of frames script in the external file.

07-10-2006, 03:22 AM
They are wanting to replace the location of the frame with a different url if they 'detect' a break out of frames script in the external file.

And that way around can't be done unless both the frame and frameset are loading from the same domain in which case you would have access to remove the frame breaker code or set it up to allow it to be bypassed in this situation.

12-17-2007, 04:05 AM
the best way to achieve this is as follows
url = "http://www.somesite.com/pagetoprevent.htm"
set xmlhttp = CreateObject("MSXML2.ServerXMLHTTP")
xmlhttp.open "GET", url, false
xmlhttp.send ""
vara = xmlhttp.responseText
set xmlhttp = nothing
response.write vara