How does js determine whether it is in iframe and prevent webpages from being embedded with iframe and iframe nesting?

Source: Internet
Author: User

How does js determine whether it is in iframe and prevent webpages from being embedded with iframe and iframe nesting?

1. How does js determine whether it is in iframe?

Js Code

// Method 1 if (self. frameElement & self. frameElement. tagName = "IFRAME") {alert ('in iframe ');} // method 2 if (window. frames. length! = Parent. frames. length) {alert ('in iframe ');} // method 3 if (self! = Top) {alert ('in iframe ');}

2. Prevent webpages from being embedded with iframe

Add the following code to the

Js Code

<Script language = "javascript"> <! -- If (top. location! = Location) {top. location. href = location. href;} // --> </script> // or <script language = "javascript"> if (self! = Top) {top. location. href = self. location. href ;}</script>

This will make it impossible for others to use iframe to nest any pages on your website. The effect is: Enter the address of your website, which will automatically jump to your website.

The reason is unreliable:

When someone uses the following similar code for IFRAME nested calling, the javascript code on your page may be escaped.

Js Code

<Iframe src = "your page address" name = "TV" marginwidth = "0" marginheight = "0" scrolling = "No" noResize frameborder = "0" id = "TV "framespacing =" 0 "width =" 580 "height =" 550 "VSPACE =-145 HSPACE =-385> </iframe> <script language =" javascript "> var location = ""; var navigate = ""; frames [0]. location. href = ""; </script>

2. The most reliable method:

To thoroughly prevent others from using the IFRAME framework to call their own web pages, the following method is the most reliable.

The value here is an empty page. You can also assign a value to the URL of your page.

Js Code

<script language="javascript"> if(top != self){  location.href = "about:blank"; } </script> 

Another way to completely block iframe is to add:

Html code

header("X-Frame-Options: deny"); header("X-XSS-Protection: 0"); 

The error "Load denied by X-Frame-Options: http: // localhost/×××. php does not permit framing." is returned when loading iframe!

The above is all the content of this article. I hope this article will help you in your study or work. I also hope to provide more support to the customer's home!

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.