How does js determine whether it is in an iframe and prevent the web page from being nested in an iframe by other sites?-JS Tutorial-php.cn

How does js determine whether it is in an iframe and prevent the web page from being nested in an iframe by other sites?

高洛峰

Release： 2017-01-12 11:14:58

Original

2119 people have browsed it

1. How to determine whether js is in an iframe

Js code

//方式一
if (self.frameElement && self.frameElement.tagName == "IFRAME") {
   alert(&#39;在iframe中&#39;);
}
//方式二
if (window.frames.length != parent.frames.length) {
   alert(&#39;在iframe中&#39;);
}
//方式三
if (self != top) {
  alert(&#39;在iframe中&#39;);
}

Copy after login

2. Prevent web pages from being nested in iframes by other sites

Just add the following code to your page:

Js code

<script language="javascript">
<!--
if (top.location != location)
{
top.location.href = location.href;
}
//-->
</script>
//或
<script language="javascript">
if(self!=top){top.location.href=self.location.href;}
</script>

Copy after login

This will make it impossible for others to use it Iframe nests any page of your website, and the effect is: after entering the address of the hotlink to your website, it will automatically jump to your website.

Reasons for unreliability:

When others use code similar to the following to make nested IFRAME calls, they may escape the javascript code of your page.

Js code

<iframe src="你的页面地址" name="tv" marginwidth="0" marginheight="0" scrolling="No" noResize frameborder="0" id="tv" framespacing="0" width="580" height="550" VSPACE=-145 HSPACE=-385></iframe>
<script language="javascript">
var location="";
var navigate="";
frames[0].location.href="";
</script>

Copy after login

2. The most reliable method:

In order to completely prevent others from using the IFRAME framework to nestly call their own web pages, the following method It is the most reliable.

The value assigned here is an empty page, or it can be assigned the URL address of your page.

Js code

<script language="javascript">
if(top != self){
 location.href = "about:blank";
}
</script>

Copy after login

Also A way to completely block iframes is to add:

Html code

header("X-Frame-Options: deny");
header("X-XSS-Protection: 0");

Copy after login

This also causes an error when loading iframes "Load denied by X-Frame-Options: http ://localhost/××××.php does not permit framing." reason!

The above is the entire content of this article. I hope that the content of this article can bring some help to everyone's study or work. I also hope to support the PHP Chinese website!

For more related articles on how to determine whether js is in an iframe and prevent web pages from being nested in iframes by other sites, please pay attention to the PHP Chinese website!