Frame Busting 破坏程序不完全适用于 IE
我一直在开发一个 Framebustingbuster(名字是什么,呵呵),它可以让我的用户留在我的页面上,并打开一个带有目标 URL 的新窗口。我正在使用 Lightbox 脚本来显示 iframe,这就是我正在做的事情:
1)为所有 .lightbox 点击添加了一个事件,fe:
$('.lightbox').live("click", function(e) {
e.preventDefault();
$('#redirectURL').val($(this).attr('href'));
$(this).lightbox();
}
2)添加了框架破坏破坏者:
<script type="text/javascript">
var prevent_bust = 0
window.onbeforeunload = function() { prevent_bust++ }
setInterval(function() {
if (prevent_bust > 0) {
prevent_bust -= 2
window.top.location = 'http://server-which-responds-with-204.com'
}
}, 1)
</script>
3)修改了框架破坏破坏者代码以适应我的需求是:
- 检测 iframe 是否想要更改 window.top.location
- 如果是,则使用 204 服务器响应防止这种情况发生
- 打开一个新页面:
window.open( $('#redirectURL', '_blank' ); - 关闭灯箱:
$('.jquery-lightbox-button-close').click();
到目前为止,这就是我想出了:
var prevent_bust = 0
window.onbeforeunload = function() { prevent_bust++ }
setInterval(function() {
if (prevent_bust > 0) {
prevent_bust -= 2;
redirectURL = $('#redirectURL').val();
if(redirectURL != "") {
window.top.location = 'http://www.****.com/ajax/nocontent.php';
window.open(redirectURL, "_blank");
$('.jquery-lightbox-button-close').click();
$('#redirectURL').val('');
} else {
window.top.location = 'http://www.****.com/ajax/nocontent.php';
}
}
}, 1);
// 编辑: 在我忘记之前,“nocontent.php”是一个返回 204 标头的文件
对于 Firefox,如果检测到更改,它会按照我编程的方式运行这window.top.location 它打开一个新的框架/页面并阻止 iframe 重新加载顶部位置并将其四舍五入,它关闭
Safari/Chrome 行为类似,它们打开一个新的浏览器屏幕(不是)确定是否有一个选项可以说 target="_newtab" 或其他内容? 唯一不好的是它们并没有真正显示弹出窗口被阻止的消息,但我可以通过在上面显示弹出气球来解决这个问题。我的网站有一个链接 页。
令人震惊的是,Internet Explorer 是唯一剩下的害群之马。IE 不会打开新的弹出窗口,也不会阻止 iFrame 重置的 window.top.location,而只是继续将整个页面刷新到“#targetURL”。它与默认的破坏代码执行相同的操作..所以这不是因为我的一些编辑。
谁能发现我的代码中的错误?
另外,我需要进行一些修改,看看请求是由 iframe 还是由用户本身发出,因为现在用户实际上没有任何选项可以通过更改工具栏中的地址或单击链接,这并不是真正需要的哈哈。
提前致谢。
I've been working on a Frame busting buster (what's in a name, hehe), which kept my users on my page and open a new window with the target URL. I'm using a Lightbox script to display iframes, this is what I'm doing:
1) Added an event for all .lightbox clicks, f.e:
$('.lightbox').live("click", function(e) {
e.preventDefault();
$('#redirectURL').val($(this).attr('href'));
$(this).lightbox();
}
2) Added a frame busting buster:
<script type="text/javascript">
var prevent_bust = 0
window.onbeforeunload = function() { prevent_bust++ }
setInterval(function() {
if (prevent_bust > 0) {
prevent_bust -= 2
window.top.location = 'http://server-which-responds-with-204.com'
}
}, 1)
</script>
3) Modified the frame busting buster code to fit my needs, which are:
- detect if an iframe wants to change the window.top.location
- if so, prevent this from happening using the 204 server respond
- open a new page:
window.open( $('#redirectURL', '_blank' ); - close lightbox:
$('.jquery-lightbox-button-close').click();
So far, this is what I've come up with:
var prevent_bust = 0
window.onbeforeunload = function() { prevent_bust++ }
setInterval(function() {
if (prevent_bust > 0) {
prevent_bust -= 2;
redirectURL = $('#redirectURL').val();
if(redirectURL != "") {
window.top.location = 'http://www.****.com/ajax/nocontent.php';
window.open(redirectURL, "_blank");
$('.jquery-lightbox-button-close').click();
$('#redirectURL').val('');
} else {
window.top.location = 'http://www.****.com/ajax/nocontent.php';
}
}
}, 1);
// EDIT: Before I forget, 'nocontent.php' is a file that returns a 204 header
For Firefox it acts as I programmed it, if there's a change detected in the window.top.location it opens a new frame/page and prevents the iframe from reloading the top location and to round it up, it closes the jQuery lightbox.
Safari/Chrome act similar, they open a new browser screen (not sure if theres an option to say target="_newtab" or something?). Only bad thing is they do not really display a message of the popup is blocked, but I can work around that by displaying a popup balloon on my website with a link to the page.
Internet Explorer is, what a shocker, the only black sheep left.. IE does not open a new popup, nor blocks the window.top.location reset by the iFrame and simply continues refreshing the complete page to the '#targetURL'. It does the same with the default busting code.. so it's not because of some of my edits.
Anyone who is able to spot a mistake in my code?
Also, I would need a little modification that sees if the request has been made by an iframe or by the user itself, because now there is really NO option for a user to leave my page by changing the address in the toolbar or by clicking a link, which is not really needed LOL.
Thanks in advance.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
PENDO,我试图模拟你描述的整个过程,ligthbox-jquery,javascript自己的代码和控件通过lightbox打开页面。我根本无法模拟,随着时间的流逝,我正在发送建议以扩大可能性和解决方案的范围。
我建议替换重定向页面:
替换为模拟页面的 DIV 容器,使用 ajax 调用并获取内容并覆盖 DIV 的内容。
或者
这种方法还避免了阻止用户使用地址栏离开您的页面的问题(正如您自己提到的)。
抱歉,让我给你一个完整的解决方案,但时间阻止了我。
PENDO,在问题的替代方案上做更多的工作,我发现了一个可定制的 jQuery lightbox 插件,用于处理自定义窗口(iframe、html、内联 ajax 等)。也许会有帮助。以下链接:
PENDO, I tried to simulate the whole process you described, ligthbox-jquery, javascript their own codes and controls opening pages via lightbox. I could not simulate at all, and as time is running out I'm sending a suggestion to broaden the range of possibilities and solutions.
I suggest replacing the redirect page:
Replaced with a DIV container that simulates a page, using ajax calls and taking the content and overwritten the contents of the DIV.
or
This approach also avoids the problem of preventing the user from even leaving your page using the address bar (as you yourself mentioned).
Sorry, let me give you a complete solution, but time prevented me.
PENDO, a little more work on alternatives to the problem, I found a customizable jQuery lightbox plugin for working with custom windows yet (iframe, html, inline ajax etc.). Maybe it will help. The following link:
如果您不需要在 IE 中的 iframe 中运行 javascript,则可以设置 iframe 安全属性:
http://msdn.microsoft.com/en-us/library/ms534622(v=VS.85).aspx
If you don't need javascript running in your iframe in IE, you can set the iframe security attribute :
http://msdn.microsoft.com/en-us/library/ms534622(v=VS.85).aspx