prevent iframe from changing parent location

Suppose http://a.com/foo contains <iframe src="http://b.com/bar">

Sometimes b.com/bar will break out of its frame: the top-level window will redirect away from a.com/foo into b.com/bar. I don't know how b.com is doing this.

I thought it wasn't possible for a cross-domain iframe to interfere with the parent unless the parent cooperates via postMessage. Is changing the window location exempt from this?

If that is what's happening, how can a.com prevent this redirect? I control a.com but cannot modify b.com.

If that's not what's happening, how can I find out what b.com is doing to achieve the redirect?

It would be acceptable to force b.com to load itself into a new window, or sabotage its access to the top or parent objects. Other degradations of b.com's behaviour may be acceptable.

spraff asked Sep 14 '25 14:09


1 Answer

The parent can use the sandbox attribute on the iframe:
http://www.w3schools.com/TAgs/att_iframe_sandbox.asp

Then the iframe will no longer be able to redirect the parent.

icl7126 answered Sep 17 '25 05:09
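
An added example (not part of the original answer) of how a.com could emit the sandboxed frame and check that a given sandbox value still blocks top-level navigation. The function names are hypothetical, and the tokens granted to b.com (allow-scripts, allow-forms, allow-popups) are assumptions about what it needs; allow-popups keeps the option of b.com opening in a new window, which the question says is acceptable.

```javascript
// Tokens that lift the sandbox restriction on navigating window.top.
const TOP_NAV_TOKENS = [
  "allow-top-navigation",
  "allow-top-navigation-by-user-activation",
  "allow-top-navigation-to-custom-protocols",
];

// Parse a sandbox attribute value. Tokens are whitespace-separated and
// case-insensitive. null/undefined means the attribute is absent.
function parseSandbox(value) {
  if (value === null || value === undefined) return null;
  return new Set(value.toLowerCase().split(/[ \t\n\f\r]+/).filter(Boolean));
}

// Report whether sandboxing stops the framed page from navigating the top window.
function auditTopNavigation(value) {
  const tokens = parseSandbox(value);
  if (tokens === null) {
    return { sandboxed: false, topNavBlocked: false, offending: [] };
  }
  const offending = TOP_NAV_TOKENS.filter((t) => tokens.has(t));
  return { sandboxed: true, topNavBlocked: offending.length === 0, offending };
}

// Build the iframe markup for the parent page, refusing any token that
// would re-enable top-level navigation.
function sandboxedIframe(src, allow) {
  const bad = allow.filter((t) => TOP_NAV_TOKENS.includes(t.toLowerCase()));
  if (bad.length) throw new Error("refusing sandbox tokens: " + bad.join(", "));
  const esc = (s) =>
    s.replace(/&/g, "&amp;").replace(/"/g, "&quot;").replace(/</g, "&lt;");
  return `<iframe src="${esc(src)}" sandbox="${esc(allow.join(" "))}"></iframe>`;
}

// Constructed inputs, using the URLs from the question.
const frame = sandboxedIframe("http://b.com/bar",
  ["allow-scripts", "allow-forms", "allow-popups"]);
console.log(frame);
console.log(auditTopNavigation(null)); // markup from the question: no sandbox
console.log(auditTopNavigation("allow-scripts allow-forms"));
console.log(auditTopNavigation("allow-scripts Allow-Top-Navigation"));
```

An empty sandbox value applies every restriction, including disabling scripts, so tokens are added back one at a time; the top-navigation tokens are the ones to leave out.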