Asp Forum - Disable viewing outside of frame set

en2

7/30/2014 9:06:00 AM

Hi to all.

I didn't work with html or javascript for quite sometime and i can not
remember how to solve this.

Basically what i want to do is to block to prevent user on accessing
single web page out of the main frame frameset.

E.g. if the page is www.thePage.com and if the menu link is cars.html
i want to redirect user to prevent viewing this page outside of
frameset. So if he makes copy of this link and passes it on new tab like
www.thePage/cars.html, he should be redirected to www.thePage.com

Thnx in advance !

10 Answers

ram

7/30/2014 1:44:00 PM

en2 <nijePravi@mail.com> writes:
>frameset. So if he makes copy of this link and passes it on new tab like

Maybe something like:

if( top.location.href.toLowerCase() === "www.example.com/cars.html" )
top.location.href = "example.com";

. But this would only work in case that someone had enabled JavaScript.

danca

7/30/2014 1:47:00 PM

Il 30/07/2014 11:05, en2 ha scritto:
> Hi to all.
>
> I didn't work with html or javascript for quite sometime and i can not
> remember how to solve this.
>
> Basically what i want to do is to block to prevent user on accessing
> single web page out of the main frame frameset.
>
> E.g. if the page is www.thePage.com and if the menu link is cars.html
> i want to redirect user to prevent viewing this page outside of
> frameset. So if he makes copy of this link and passes it on new tab like
> www.thePage/cars.html, he should be redirected to www.thePage.com
>
> Thnx in advance !

Maybe something like this?
<script>
function whereAmIRunning(){if (top=windows) location.href=location.host
</script>
<body onload="whereAmIRunnig()">
Dan

Thomas 'PointedEars' Lahn

7/30/2014 3:04:00 PM

Stefan Ram wrote:

> en2 <nijePravi@mail.com> writes:
>> frameset. So if he makes copy of this link and passes it on new tab like
>
> Maybe something like:
>
> if( top.location.href.toLowerCase() === "www.example.com/cars.html" )
> top.location.href = "example.com";
>
> . But this would only work in case that someone had enabled JavaScript.

Please don't.

--
PointedEars
FAQ: <http://PointedEars.... | SVN: <http://PointedEars.de...
Twitter: @PointedEars2 | ES Matrix: <http://PointedEars.de/es-...
Please do not Cc: me. / Bitte keine Kopien per E-Mail.

Andrew Poulos

7/30/2014 11:52:00 PM

On 31/07/2014 1:04 AM, Thomas 'PointedEars' Lahn wrote:
> Stefan Ram wrote:
>
>> en2 <nijePravi@mail.com> writes:
>>> frameset. So if he makes copy of this link and passes it on new tab like
>>
>> Maybe something like:
>>
>> if( top.location.href.toLowerCase() === "www.example.com/cars.html" )
>> top.location.href = "example.com";
>>
>> . But this would only work in case that someone had enabled JavaScript.
>
> Please don't.

When I read a response like this from someone who knows far more about
coding than I do I'm unsure what the problem(s) might be. Do you not like:
- frames in general
- partial URLs
- frame busting protection
- "confusing" users by redirecting
- using JavaScript in this instance
- something else

Andrew Poulos

HT de Beer

7/31/2014 6:26:00 AM

Andrew Poulos wrote:

> On 31/07/2014 1:04 AM, Thomas 'PointedEars' Lahn wrote:
>> Stefan Ram wrote:
>>
>>> en2 <nijePravi@mail.com> writes:
>>>> frameset. So if he makes copy of this link and passes it on new tab
>>>> like
>>>
>>> Maybe something like:
>>>
>>> if( top.location.href.toLowerCase() === "www.example.com/cars.html" )
>>> top.location.href = "example.com";
>>>
>>> . But this would only work in case that someone had enabled
>>> JavaScript.
>>
>> Please don't.
>
> When I read a response like this from someone who knows far more about
> coding than I do I'm unsure what the problem(s) might be. Do you not like:
> - frames in general
> - partial URLs
> - frame busting protection
> - "confusing" users by redirecting
> - using JavaScript in this instance
> - something else

I don't know about the parent poster, but I'd advise against trying to
restrict the user experience (through javascript). Not only can that
frustrate the user in using your site -- if I want to open the inner frame
in a new tab, that's my decision, not yours --, but you cannot really
control what happens with your content once the user downloads it to their
computer. You can add a bit of restrictive javascript and stick your head in
the sand, but a user who wants to can easily circumvent such restrictions.

If you want people to not be able to open the inner frame without the outer
frame, you'd better look for an alternative solution without separate
frames. For example, using a template (of the outer frame) wherein the
contents of the inner frame are placed, will result in web pages where the
"inner frame" and "outer frame" aren't separable. (Well, unless the user
does do so by hand, copying out the html code of the "inner frame" into a
separate html file; again, you don't have control over your content once it
is downloaded by the user).

>
> Andrew Poulos
--
Huub de Beer

en2

7/31/2014 6:54:00 AM

On 07/31/2014 08:26 AM, Huub de Beer wrote:
> Andrew Poulos wrote:
>
>> On 31/07/2014 1:04 AM, Thomas 'PointedEars' Lahn wrote:
>>> Stefan Ram wrote:
>>>
>>>> en2 <nijePravi@mail.com> writes:
>>>>> frameset. So if he makes copy of this link and passes it on new tab
>>>>> like
>>>>
>>>> Maybe something like:
>>>>
>>>> if( top.location.href.toLowerCase() === "www.example.com/cars.html" )
>>>> top.location.href = "example.com";
>>>>
>>>> . But this would only work in case that someone had enabled
>>>> JavaScript.
>>>
>>> Please don't.
>>
>> When I read a response like this from someone who knows far more about
>> coding than I do I'm unsure what the problem(s) might be. Do you not like:
>> - frames in general
>> - partial URLs
>> - frame busting protection
>> - "confusing" users by redirecting
>> - using JavaScript in this instance
>> - something else
>
> I don't know about the parent poster, but I'd advise against trying to
> restrict the user experience (through javascript). Not only can that
> frustrate the user in using your site -- if I want to open the inner frame
> in a new tab, that's my decision, not yours --, but you cannot really
> control what happens with your content once the user downloads it to their
> computer. You can add a bit of restrictive javascript and stick your head in
> the sand, but a user who wants to can easily circumvent such restrictions.
>
> If you want people to not be able to open the inner frame without the outer
> frame, you'd better look for an alternative solution without separate
> frames. For example, using a template (of the outer frame) wherein the
> contents of the inner frame are placed, will result in web pages where the
> "inner frame" and "outer frame" aren't separable. (Well, unless the user
> does do so by hand, copying out the html code of the "inner frame" into a
> separate html file; again, you don't have control over your content once it
> is downloaded by the user).
>
>>
>> Andrew Poulos
---------------------------------
The problem is quite opposite.
What i want to prevent is that someone comes to the site, chooses one
sub menu, clicks on copy links location, passes this link over mail to
some friend, and then when this friend passes this into browser, he will
get web page outside of frameset.

JJ

7/31/2014 7:11:00 AM

On Wed, 30 Jul 2014 11:05:53 +0200, en2 wrote:
> Hi to all.
>
> I didn't work with html or javascript for quite sometime and i can not
> remember how to solve this.
>
> Basically what i want to do is to block to prevent user on accessing
> single web page out of the main frame frameset.
>
> E.g. if the page is www.thePage.com and if the menu link is cars.html
> i want to redirect user to prevent viewing this page outside of
> frameset. So if he makes copy of this link and passes it on new tab like
> www.thePage/cars.html, he should be redirected to www.thePage.com
>
> Thnx in advance !

Blocking a page access can only be done from the web server configuration
(e.g.: .htaccess).

With JavaScript, access to a page can only be redirected. The page itself
can still be loaded; and if the client have disabled the JavaScript, the
redirection won't be performed.

A web page can also be configured (via server script) to disallow itself
from being displayed in a frame by adding a specific HTTP response header.
Yet, it won't prevent the page from being loaded from the server. For
example, via non web browser programs such as download managers.

However, if you want to use JavaScript anyway, use this:

if (top && (top.location.hostname !== location.hostname)) {
location.href = "about:blank";
}

It'll redirect itself to "about:blank" if it's loaded from a frame and the
browser tab's URL doesn't point to the same host name; making the frame
contents blank.

Put it in the page where you want to protect. e.g.: the cars.html.
Put it so that it executes without waiting for the page to finish loading.
Preferably in the HEAD tag, before any other external script and CSS.

en2

7/31/2014 7:50:00 AM

On 07/31/2014 09:11 AM, JJ wrote:
> On Wed, 30 Jul 2014 11:05:53 +0200, en2 wrote:
>> Hi to all.
>>
>> I didn't work with html or javascript for quite sometime and i can not
>> remember how to solve this.
>>
>> Basically what i want to do is to block to prevent user on accessing
>> single web page out of the main frame frameset.
>>
>> E.g. if the page is www.thePage.com and if the menu link is cars.html
>> i want to redirect user to prevent viewing this page outside of
>> frameset. So if he makes copy of this link and passes it on new tab like
>> www.thePage/cars.html, he should be redirected to www.thePage.com
>>
>> Thnx in advance !
>
> Blocking a page access can only be done from the web server configuration
> (e.g.: .htaccess).
>
> With JavaScript, access to a page can only be redirected. The page itself
> can still be loaded; and if the client have disabled the JavaScript, the
> redirection won't be performed.
>
> A web page can also be configured (via server script) to disallow itself
> from being displayed in a frame by adding a specific HTTP response header.
> Yet, it won't prevent the page from being loaded from the server. For
> example, via non web browser programs such as download managers.
>
> However, if you want to use JavaScript anyway, use this:
>
> if (top && (top.location.hostname !== location.hostname)) {
> location.href = "about:blank";
> }
>
> It'll redirect itself to "about:blank" if it's loaded from a frame and the
> browser tab's URL doesn't point to the same host name; making the frame
> contents blank.
>
> Put it in the page where you want to protect. e.g.: the cars.html.
> Put it so that it executes without waiting for the page to finish loading.
> Preferably in the HEAD tag, before any other external script and CSS.
>
-------------------------------
Would it be possible to load this "external page " in frameset ?
E.g. if someone passes www.thePage.com/cars.html
that this page loads in frameset as if he would do this on standard way
( over submenu ) ?

Ben Bacarisse

7/31/2014 11:46:00 AM

en2 <nijePravi@mail.com> writes:
<snip>
> What i want to prevent is that someone comes to the site, chooses one
> sub menu, clicks on copy links location, passes this link over mail to
> some friend, and then when this friend passes this into browser, he
> will get web page outside of frameset.

If you are stuck with frames (and you should give serious thought to
solving the base problem which is that frames break the meaning of
links) there are two things that can help.

First, use some kind of server-side scripting to provide URLs for frame
configurations. For example, you could decide that

http://example.com/?cont=cars&men...

generates the frame set with the main content frame's src=cars.html and
the navigation frame showing src=vehicles.html.

This will mean that people can quote real URLs "into" your site. You
can use some of these in the pages themselves in paces where you think
people are most likely to copy links. (You can even provide a "generate
a link" button, or a "send a link" button, that constructs such a URL
from what the visitor is currently seeing.)

Second, once you have the above in place, use the server's ability to
redirect (or re-write) URLs so that "out of frame" URLs get converted to
one of the above configuration URLs.

--
Ben.

Thomas 'PointedEars' Lahn

7/31/2014 12:57:00 PM

Ben Bacarisse wrote:

> Second, once you have the above in place, use the server's ability to
> redirect (or re-write) URLs so that "out of frame" URLs get converted to
> one of the above configuration URLs.

Server-side redirection either does not work in this case (the server does
not "know" *how* a document is displayed), or would just move the problem
with automatic redirection to the server side. More later.

--
PointedEars
FAQ: <http://PointedEars.... | SVN: <http://PointedEars.de...
Twitter: @PointedEars2 | ES Matrix: <http://PointedEars.de/es-...
Please do not Cc: me. / Bitte keine Kopien per E-Mail.

comp.lang.javascript

Disable viewing outside of frame set

en2

ram

danca

Thomas 'PointedEars' Lahn

Andrew Poulos

HT de Beer

en2

JJ

en2

Ben Bacarisse

Thomas 'PointedEars' Lahn

x Login to ForumsZone