Questions tagged [framebusting]
25 questions
438
votes
20 answers
Frame Buster Buster ... buster code needed
Let's say you don't want other sites to "frame" your site in an
So you insert anti-framing, frame busting JavaScript into all your pages:
/* break us out of any containing iframes */
if (top !=…
Jeff Atwood
- 63,320
- 48
- 150
- 153
7
votes
1 answer
MSAL.js acquireTokenSilent on Azure AD B2C with Microsoft Account (login.live.com) framebusting
There is a problem with login.live.com that prevents acquiring access tokens with MSAL.js for Azure AD B2C with the Identity Provider Microsoft Account.
When the iframe (msalRenewFrame…) tries to authenticate at…
halllo
- 858
- 12
- 25
6
votes
2 answers
Frame Busting buster not completely working for IE
I've been working on a Frame busting buster (what's in a name, hehe), which kept my users on my page and open a new window with the target URL. I'm using a Lightbox script to display iframes, this is what I'm doing:
1) Added an event for all…
Joshua - Pendo
- 4,331
- 6
- 37
- 51
5
votes
3 answers
PayPal integration with iframe-based cart
We use PayPal's Payments Pro NVP API to provide seamless credit card and paypal processing on our site. We've created an iframe-based cart widget that our customers put onto their site so their users can purchase items and pay via our Paypal…
SteveL
- 171
- 1
- 1
- 6
4
votes
0 answers
Most current framebusting javascript?
I need to add a javascript-based framebuster for my web application that helps prevent clickjacking (or Cross Frame Scripting) attacks for legacy browsers that don't support X-FRAME-OPTIONS.
After searching the internet, I found that currently there…
Zoomzoom
- 1,042
- 2
- 13
- 32
2
votes
1 answer
Bypassing Frame buster
I need to bypass or bust a frame buster, but I don't have a server that returns 204. The best solution that works (partially so far) is the one in https://crypto.stanford.edu/~dabo/pubs/papers/framebust.pdf on page 4 section C, onBeforeUnload – 204…
max_max_mir
- 1,494
- 3
- 20
- 36
2
votes
0 answers
How to bypass the same origin policy to execute framekiller script on a different domain
I created a framekiller script in such way it allows framing a page only in selected domain to prevent clickjacking.
Framekiller Code:
…
Adhikar Patil
- 33
- 6
2
votes
1 answer
Show salesforce login form in an iframe
I am unable to show https://login.salesforce.com inside an IFrame.
I am using OAuth between my application and salesforce.
For the sake of a better user experience, I do not want the users to leave my…
Ram Sundar
- 73
- 3
- 5
2
votes
0 answers
Framebuster with exceptions
I have a question about writing a frame-buster-buster. I have already read Frame Buster Buster ... buster code needed but I need an extra tweak.
My content from my blog at [http://my_domain.c0m/blog] is being displayed at another site showing three…
Lucia Liljegren
- 21
- 1
1
vote
0 answers
redirect if frame buster detected
I'm displaying my outbound links with a header from my site, some of my data providers have frame busters in place.
What I'm trying to accomplish is; if no frame busting is in place (content loaded successfully), then show the frame, else if frame…
Mike
- 463
- 3
- 8
- 22
1
vote
2 answers
How to stop loading website if it's trying to escape from a frame
So I know that there are many websites out there that try to break from frames (frame-busting) and then there is this whole cyclic "busting frame busters" and "busting frame buster busters" etc. Is there a way to anticipate whether a website will…
Kvass
- 8,294
- 12
- 65
- 108
1
vote
1 answer
Cross-origin anti frame busting
I have a simple chrome extension that injects an iframe into the active page (not the important part)
I want to embed a game located at http://diep.io, but this site has some frame-busting techniques implemented. I still want to be able to load this…
255.tar.xz
- 700
- 7
- 23
1
vote
2 answers
Preventing frame busting with access to page source
So we are loading a page in an iframe. This child page is loaded from a cache on the same domain as the parent. However external assets are not cached locally, and are loaded from the external site - including javascript. In one site we have…
Richard H
- 38,037
- 37
- 111
- 138
1
vote
2 answers
Prevent iFrame from being busted by dropping a link
I have a page that embeds an iFrame with an external domain. So I can't insert anything into its DOM. The page is run with Node-Webkit (based on Chromium), but since this behavior is the same for any browser, I consider this to be a general…
Dorrian
- 113
- 1
- 7
1
vote
2 answers
How do I stop my frame buster from breaking the WordPress Customizer page?
Behold a simple framebuster:
However, it seems to work too well. It breaks the customizer admin page in…
Nicholas Cardot
- 956
- 1
- 11
- 30