Talk:Framekiller

This article has not yet been rated on Wikipedia's content assessment scale. It is of interest to the following WikiProjects:

Websites: Computing This article is part of WikiProject Websites, an attempt to create and link together articles about the major websites on the web. To participate, you can edit the article attached to this page, or visit the project page.WebsitesWikipedia:WikiProject WebsitesTemplate:WikiProject WebsitesWebsites articles ??? This article has not yet received a rating on the importance scale. This article is supported by WikiProject Computing.

On 25 May 2010, Framekiller was linked from Slashdot, a high-traffic website. (Traffic) All prior and subsequent edits to the article are noted in its revision history.

An example WP plugin of a framekiller, eg for Digg bar, is this suitable to add here ? 91.108.171.169 (talk) 03:03, 11 April 2009 (UTC)[reply]

A php example to block digg bar from working [1] —Preceding unsigned comment added by 68.76.86.215 (talk) 18:25, 11 April 2009 (UTC)[reply]

Some browsers support the X-FRAME-OPTIONS header, which has a similar effect, but doesn't require JavaScript. Wehe (talk) 10:38, 21 January 2010 (UTC)wehe[reply]

A link to this page from related article is: http://noscript.net/faq#clearclick —Preceding unsigned comment added by 80.38.112.183 (talk) 11:45, 6 August 2010 (UTC)[reply]

Yeah, somebody added a {{refimprove}} tag, I replaced it by a reference to the NoScript-FAQ. –82.113.106.31 (talk) 21:48, 5 April 2011 (UTC)[reply]

The example script might be a bit too long, on my pages I use a one-liner:

<body onload="if (parent.location != location) parent.location=location">

–82.113.106.31 (talk) 21:40, 5 April 2011 (UTC)[reply]

This code doesn't do the job. Read about 204 flushing, location clobbering and using the parent object. It's all described in the referenced paper "Busting frame busting". — Preceding unsigned comment added by 155.56.68.217 (talk) 12:34, 21 October 2011 (UTC)[reply]

All well and good. But there's a way that frames without iframes. Its a validation nightmare but a possible alternative. Its used by sites like blogadda[.]com

www.blogadda.com/showblog?url=[YOUR_URL]

The site used a div to display your page, !doctype html head and all tags included. Even your scripts and css.

standard frame-bursting with top.location = self.location like code is useless!

However, they (have to?) use an id for the container and frame s.

Just realized, all I needed to do was set frameid{display:none} in my css!

Works fine when it comes to the look of the page, but the url remains theirs.

Any better way I can overcome that kind of an attack?Sarindam7 21:30, 10 June 2011 (UTC)

This looks like a different kind of "attack". Like u said, no frames are involved and no clickjacking takes place. Thus no framebusting code is required. They are "just" stealing your blog's content. — Preceding unsigned comment added by 155.56.68.217 (talk) 12:38, 21 October 2011 (UTC)[reply]

Most of this article's content was made obsolete a long time ago by the HTML 5 sandbox attribute. It needs to be updated or re-written from a more comprehensive point of view. Miqrogroove (talk) 05:12, 3 November 2012 (UTC)[reply]