# Thursday, 22 January 2009

So a dev buddy popped a question in IRC the other day.  He was trying to host an ad/offer thing inside of an iframe, but the offer checked for this and redirected the top page to itself.  He had been wracking his brain trying to work around this, and it looked like an interesting problem, so I stepped up to the plate.

First we attempted to simply overwrite location.replace with an empty function.  This seemed to work on IE but did nothing on FF3.  It also became apparent that this method would fail as a subsequent refresh gave us different javascript that simply changed the location.href.  FAIL.

I did a bit of googling on the issue and stumbled across a forum post suggesting the use of onBeforeUnload on the parent page.  I played around with this idea, getting mixed results, but since there seemed like no other way, I dug a bit deeper.  I was trying to do this by hand, with no libraries, and decided to bring in a little help since I didn't care to handle all the x-browser event nonsense.  I loaded up prototype.js and reworked my code to use it.  The following emerged:

function windowUnload(evt) {
var ifr = $('ifr');

if (ifr == evt.element()) {

Event.observe(window, 'unload', windowUnload);
$('ifr').observe('unload', windowUnload);

The id 'ifr' is the iframe holding the offer/ad.  This also manages to prevent any unload checks that the embedded page might popup.


posted on Thursday, 22 January 2009 14:45:01 (Central Standard Time, UTC-06:00)  #    Comments [2] Trackback
Related posts:
Subversion and SharePoint
Broken Threads
Ugly, Isn't It?
UpdateProgress for all Requests
Install VSTO Add-Ins for All Users
Tuesday, 17 March 2009 15:27:29 (Central Standard Time, UTC-06:00)
Hi, How are you?

THank you for your post. I am facing the same problem - prevent <iframe /> break-away.
I wanted to ask you if you can provide a bit more information about the code snippet in the current post:

are you using some kind of third-party lib? for example jQuery?

what is this variable: $('ifr')? it is not standard JavaScript syntax or am i wrong?
I understand that 'ifr' is id of your iframe, right?

but what about dollar sign?

If its not too hard for you, please provide a bit more information.

Thank you,
Tuesday, 17 March 2009 15:59:14 (Central Standard Time, UTC-06:00)
sorry for rushing to post my previous comment. I see that you are using Prototype lib.

Ive created a simple HTML page where i load prototype.js. I have an iframe where its src points to MySpace page. In the header i've put your code, unfortunately it does not prevent iframe break out.

Any ideas?

Thank you
Comments are closed.