How to block external hyperlinks in an iframed page?

Question

I'm making a website that shows another website in an iframe (cross-domain). The problem is that there are external hyperlinks in the site in the iframe, and I want to somehow block or disable them. I want to block ONLY external hyperlinks.

That is, if the iframed page is example.com/info:

Block: <a href="http://other_example.net/pwn">Bad Link</a>
Allow: <a href="http://example.com/donate">Good Link</a>

How can I do this? Greasemonkey and some kind of script? Or something else?

The site i'm making is not going to go in the web. I will use it in info screen. — Make82, Jan 02 '15 at 11:57
I think thisone is hard. I dont have my own site or server. I dont want to block all links.. only links that lead somewhere else than inside that site what is shown in the iframe. — Make82, Jan 05 '15 at 13:38
I'm going to put this html-document to fullscreen in firefox. The problem is that you can get out of that document.. I tried diffirent "whitelist" plugins for firefox but it doesn't fix the problem. I want to block all external links that are inside that iframe. Not links like "home", "about" and etc, because they just change site inside that iframe. External links open new tab.. That is the problem. And i want to show website content only in that iframe. — Make82, Jan 05 '15 at 13:50
There are no content in example.com from otherexample.net. All contents of example.com comes from example.com domain. — Make82, Jan 07 '15 at 05:42

score 1 · Accepted Answer · edited May 23 '17 at 12:06

Either a userscript or a browser extension can do this. A Greasemonkey script will run on a page, irregardless of whether it's in an iframe (unless you tell it not to).
To block external links, compare each link's hostname to the iframed page's hostname.

Here's a complete Greasemonkey script that illustrates the process:

// ==UserScript==
// @name     _Block cross-domain links
// @include  http://www.puppylinux.com/*
// @grant    GM_addStyle
// ==/UserScript==

//-- Only run if the page is inside a frame or iframe:
if (window.top !== window.self) {
    var linkList = document.querySelectorAll ("a");

    Array.prototype.forEach.call (linkList, function (link) {
        if (link.hostname !== location.hostname) {
            //-- Block the link
            link.href = "javascript:void(0)";
        }
    } );

    //-- Mark the links, so the user knows what's up.
    GM_addStyle ( "                             \
        a[href='javascript:void(0)'] {          \
            white-space: nowrap;                \
            cursor: default;                    \
        }                                       \
        a[href='javascript:void(0)']::after {   \
            background: orange;                 \
            content: 'X';                       \
            display: inline-block;              \
            margin-left: 0.3ex;                 \
            padding: 0 0.5ex;                   \
        }                                       \
    " );
}

You can install and run that script against this test page on jsFiddle.

Note:

The containing page is fiddle.jshell.net/9aQv5/3/show/.
The iframed page is www.puppylinux.com.
When you run that script, external links are disabled and the disabled links are marked with an "X".
This approach is for simple static pages. For AJAX driven pages, use waitForKeyElements().

score 0 · Answer 2 · answered Jan 02 '15 at 10:37

0

For this you have to compare your url href attribute using Javascript function as below

// this function will give host name
function get_hostname(url) {
    var m = url.match(/^http:\/\/[^/]+/);
    return m ? m[0] : null;
}

   var hostName =  get_hostname("http://example.com/path");

This will return http://example.com/ as in your example output.

Using above function you can compare your URL and if its going to mathch with your host name - then you can allow to redirect the page or else you can show message for external Links

answered Jan 02 '15 at 10:37

prog1011

3,425
3
30
57

1

How do you expect to be able to intercept link activation inside the iframe, which contains an external resource? – Jukka K. Korpela Jan 02 '15 at 11:05
1

I'm not sure how to use this. Like i said, i'm not familiar with scripts. I don't belive that this is going to fix the problem. – Make82 Jan 02 '15 at 12:17

How to block external hyperlinks in an iframed page?

2 Answers2