2

I do have a site where several iframes get loaded which's content I can't control. These iframed pages may cause redirects. I do prevent these redirects by using this iframe-busting-busting-busting code:

<script>
  // Code from here:
  // https://stackoverflow.com/questions/958997/frame-buster-buster-buster-code-needed
  var prevent_bust = 0
  window.onbeforeunload = function(){
    prevent_bust++;
  };
  setInterval(function(){
    if (prevent_bust > 0){
      prevent_bust -= 2;
      window.top.location = '/204-NoContentResponse.php';
    }
  }, 1);
</script>

This works great for the iframes, but now the user can't change the url by hand and is unable to leave the page manually. If he enters a different URL in his omnibox/url bar this redirection is prevented, too.

So this post: Disable onbeforeunload for links doesn't apply here, unfortunatelly.

Is there a way to let the user leave the page by entering an url, clicking a bookmark or hitting F5, but prevent iframes from redirecting?

Update

I forgot to mention that this site is run in an environment where users are forced to use IE9. So the sandbox attribute is no option unfortunatelly.

Brian Tompsett - 汤莱恩
  • 5,753
  • 72
  • 57
  • 129
McK
  • 653
  • 2
  • 7
  • 24
  • You can use the HTML5 sandbox attribute: http://stackoverflow.com/questions/369498/how-to-prevent-iframe-from-redirecting-top-level-window – robC Mar 20 '15 at 11:38
  • I already saw that option, but forgot to mention that this site has is run in a company environment where users are forced to use IE9 which does not support the sandbox attribute. I'll update my question to reflect that, but thx. – McK Mar 23 '15 at 13:05

0 Answers0