You've implemented anti-framing JavaScript to prevent your site from being embedded within iframes. However, you've discovered a malicious code that can bypass your frame-busting efforts. This issue raises the intriguing question: Can you outsmart the frame-busting buster?
The attacker's code operates by incrementing a counter during page navigation attempts and using a timer to redirect the page to a remote server that responds with HTTP status code 204, effectively preventing navigation.
While the anti-framing code can be bypassed, it is possible to regain control by defeating the counter and timer mechanisms employed by the attacker. Here's how:
The onbeforeunload event is used by the attacker to increment the counter. To disable it, use:
window.onbeforeunload = null;
To suspend the setInterval timer, utilize the clearInterval function:
var intervalID = setInterval(function() {
// ...
}, 1);
clearInterval(intervalID);For major browsers, using the X-Frame-Options header can prevent framing even with script disabled. For example:
X-Frame-Options: SAMEORIGIN
The above is the detailed content of Can You Outsmart the Frame-Busting Buster?. For more information, please follow other related articles on the PHP Chinese website!
How to retrieve Douyin flames after they are gone?
The difference and connection between c language and c++
My computer can't open it by double-clicking it.
What is the principle and mechanism of dubbo
The difference between vue2.0 and 3.0
border-collapse
What should I do if the Chinese restart setting of vscode does not take effect?
What does full-width and half-width mean?
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
