SitePoint Sponsor

User Tag List

Results 1 to 7 of 7
  1. #1
    Worship the Krome kromey's Avatar
    Join Date
    Sep 2006
    Location
    Fairbanks, AK
    Posts
    1,621
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Defeating anti-frameset measures

    Here's one for the JavaScript gurus:

    Code:
    <script lanaguage="JavaScript">
    <!-- hide
       if (top != self)
       {
          top.location = "/webvpn.html"
       }
    // hide -->
    </script>
    I need to embed the page that this code appears on inside a frame (because the bossman wants it that way). The problems, beyond of course the script that breaks this page out of frames, is that a) I've no control over the code on this page at all, and b) the frameset page must reside on a separate server.

    Is this even possible, or do I have to tell bossman that what he wants can't be done?
    PHP questions? RTFM
    MySQL questions? RTFM

  2. #2
    SitePoint Addict
    Join Date
    Dec 2005
    Posts
    276
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You want to control an arbitrary unknown page that is on another server? I think you'll have to tell the bossman it can't be done.
    "Never imagine yourself not to be otherwise than what
    it might appear to others that what you were or might
    have been was not otherwise than what you had been
    would have appeared to them to be otherwise."

  3. #3
    SitePoint Guru
    Join Date
    Apr 2006
    Posts
    802
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You might quote the accessibility guidelines to your boss- there are users who must view web pages as top level windows.

  4. #4
    SitePoint Wizard
    Join Date
    Nov 2004
    Location
    Nelson BC
    Posts
    2,310
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    can't be done

  5. #5
    Worship the Krome kromey's Avatar
    Join Date
    Sep 2006
    Location
    Fairbanks, AK
    Posts
    1,621
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    @eldacar: It's a known page (a very specific page, in fact), it's just that we can't control the code at all (hard-coded on the machine).

    @mrhoo: Accessibility guidelines are moot - this page is intended for physicians, a very particular set of 20ish physicians, none of whom are more disabled than needing to wear glasses. Heck, none of them are even the slightest bit colorblind! (Besides, I already tried that one. )

    @jimfraser: That's exactly what I thought. Just needed some confirmation (at bossman's insistance).

    Thanks all!
    PHP questions? RTFM
    MySQL questions? RTFM

  6. #6
    SitePoint Wizard
    Join Date
    Nov 2004
    Location
    Nelson BC
    Posts
    2,310
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You could cheat, maybe...
    - create a php page to serve the same html with the javascript removed
    - grab the html from the server via xmlhttp or *that thing in php that does the same but I forget what its called*
    - strip out the offending javascript
    - serve up the new html

    But the official answer should be *nope* I think

  7. #7
    Worship the Krome kromey's Avatar
    Join Date
    Sep 2006
    Location
    Fairbanks, AK
    Posts
    1,621
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thought about trying some of those, the trick though is that this page (to be specific, it's the login page for (one of) our VPN) is pretty danged smart, and has some excellent measures built in to prevent anyone impersonating it (which is exactly what you want from a VPN!!). So far I've uncovered two measures (the anti-frameset mentioned here, and an additional cookie-based check that in essence ensures that people can only log in from that page itself), but I would not be surprised if there were others.

    The short is that it would take a lot of work to find reliable workarounds to every counter-measure (first trick: find and identify every counter-measure!), and since we're already crunched for time to meet the go-live date (Monday), I'll just tell bossman it can't be done. At least, not within the given time frame...
    PHP questions? RTFM
    MySQL questions? RTFM


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •