blocks|key|1668696|text|通过这样做，您将能够控制框架页面的任何操作，而这是您不能控制的。Same-domain+origin+policy适用。|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|1668697|entityMap|0|LINK|mutability|MUTABLE|url|http://en.wikipedia.org/wiki/Same_origin_policy^0|W|P|0|0^^$0|@$1|2|3|4|5|6|7|L|8|@]|9|@$A|M|B|N|1|O]]|C|$]]|$1|D|3|-4|5|6|7|P|8|@]|9|@]|C|$]]]|E|$F|$5|G|H|I|C|$J|K]]]]

By doing so you'd be able to control any action of the framed page, which you cannot. <a href="http://en.wikipedia.org/wiki/Same_origin_policy" rel="nofollow noreferrer">Same-domain origin policy</a> applies.

blocks|key|1668737|text|尝试使用onbeforeunload属性，该属性将让用户选择是否要离开页面。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1668738|示例：https://developer.mozilla.org/en-US/docs/Web/API/Window.onbeforeunload|offset|length|1668739|在HTML5中，您可以使用沙箱属性。请看下面Pankrat的答案。http://www.html5rocks.com/en/tutorials/security/sandboxed-iframes/|1668740|entityMap|0|LINK|mutability|MUTABLE|url|https://developer.mozilla.org/en-US/docs/Web/API/Window.onbeforeunload|1|http://www.html5rocks.com/en/tutorials/security/sandboxed-iframes/^0|0|3|1Y|0|0|X|1U|1|0^^$0|@$1|2|3|4|5|6|7|R|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|S|8|@]|9|@$D|T|E|U|1|V]]|A|$]]|$1|F|3|G|5|6|7|W|8|@]|9|@$D|X|E|Y|1|Z]]|A|$]]|$1|H|3|-4|5|6|7|10|8|@]|9|@]|A|$]]]|I|$J|$5|K|L|M|A|$N|O]]|P|$5|K|L|M|A|$N|Q]]]]

Try using the onbeforeunload property, which will let the user choose whether he wants to navigate away from the page.

Example: <a href="https://developer.mozilla.org/en-US/docs/Web/API/Window.onbeforeunload" rel="noreferrer">https://developer.mozilla.org/en-US/docs/Web/API/Window.onbeforeunload</a>

In HTML5 you can use sandbox property. Please see Pankrat's answer below.
<a href="http://www.html5rocks.com/en/tutorials/security/sandboxed-iframes/" rel="noreferrer">http://www.html5rocks.com/en/tutorials/security/sandboxed-iframes/</a>

blocks|key|1453813|text|由于您在iframe中加载的页面可以使用setInterval执行"break+out“代码，因此onbeforeunload可能并不实用，因为它可能会让用户发出”您确定要离开吗？“对话框。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1453814|还有iframe安全属性，它只适用于IE和Opera|1453815|:(|1453816|entityMap^0|0|0|0^^$0|@$1|2|3|4|5|6|7|H|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|I|8|@]|9|@]|A|$]]|$1|D|3|E|5|6|7|J|8|@]|9|@]|A|$]]|$1|F|3|-4|5|6|7|K|8|@]|9|@]|A|$]]]|G|$]]

Since the page you load inside the iframe can execute the "break out" code with a setInterval, onbeforeunload might not be that practical, since it could flud the user with 'Are you sure you want to leave?' dialogs.

There is also the iframe security attribute which only works on IE &amp; Opera 

:(

blocks|key|1453887|text|在我的例子中，我希望用户访问内部页面，这样服务器就可以看到他们的ip作为访问者。如果我使用php代理技术，我认为内部页面将看到我的服务器ip作为访问者，所以这是不好的。到目前为止，我得到的唯一解决方案是在卸载之前。把这个放到你的页面上：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1453888|<script+type="text/javascript">
++++window.onbeforeunload+=+function+()+{+++++++++++++++++++++++
+++++++++return+"This+will+end+your+session";
++++}
</script>|code-block|syntax|javascript|1453889|这在火狐和ie中都能工作，这就是我测试的。你会发现一些版本使用了类似evt.return(随便什么)的垃圾……这在firefox中是行不通的。|1453890|entityMap^0|0|0|0^^$0|@$1|2|3|4|5|6|7|K|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|L|8|@]|9|@]|A|$E|F]]|$1|G|3|H|5|6|7|M|8|@]|9|@]|A|$]]|$1|I|3|-4|5|6|7|N|8|@]|9|@]|A|$]]]|J|$]]

In my case I want the user to visit the inner page so that server will see their ip as a visitor. If I use the php proxy technique I think that the inner page will see my server ip as a visitor so it is not good. The only solution I got so far is wilth onbeforeunload.
Put this on your page:

<pre><code>&lt;script type="text/javascript"&gt;
 window.onbeforeunload = function () { 
 return "This will end your session";
 }
&lt;/script&gt;
</code></pre>

This works both in firefox and ie, thats what I tested for.
you will find versions using something like evt.return(whatever) crap... that doesn't work in firefox.

blocks|key|1453940|text|我在这上面发现了一些有用的技巧：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1453941|Using+JS+how+can+I+stop+child+Iframes+from+redirecting+or+at+least+prompt+users+about+the+redirect|offset|length|1453942|http://www.codinghorror.com/blog/2009/06/we-done-been-framed.html|1453943|http://coderrr.wordpress.com/2009/02/13/preventing-frame-busting-and-click-jacking-ui-redressing/|1453944|entityMap|0|LINK|mutability|MUTABLE|url|https://stackoverflow.com/questions/1794974/using-js-how-can-i-stop-child-iframes-from-redirecting-or-at-least-prompt-users|1|2^0|0|0|2Q|0|0|0|1T|1|0|0|2P|2|0^^$0|@$1|2|3|4|5|6|7|T|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|U|8|@]|9|@$D|V|E|W|1|X]]|A|$]]|$1|F|3|G|5|6|7|Y|8|@]|9|@$D|Z|E|10|1|11]]|A|$]]|$1|H|3|I|5|6|7|12|8|@]|9|@$D|13|E|14|1|15]]|A|$]]|$1|J|3|-4|5|6|7|16|8|@]|9|@]|A|$]]]|K|$L|$5|M|N|O|A|$P|Q]]|R|$5|M|N|O|A|$P|G]]|S|$5|M|N|O|A|$P|I]]]]

I've found some useful hacks on this:

<a href="https://stackoverflow.com/questions/1794974/using-js-how-can-i-stop-child-iframes-from-redirecting-or-at-least-prompt-users">Using JS how can I stop child Iframes from redirecting or at least prompt users about the redirect</a>

<a href="http://www.codinghorror.com/blog/2009/06/we-done-been-framed.html" rel="nofollow noreferrer">http://www.codinghorror.com/blog/2009/06/we-done-been-framed.html</a>

<a href="http://coderrr.wordpress.com/2009/02/13/preventing-frame-busting-and-click-jacking-ui-redressing/" rel="nofollow noreferrer">http://coderrr.wordpress.com/2009/02/13/preventing-frame-busting-and-click-jacking-ui-redressing/</a>

blocks|key|1669009|text|我知道问题已经有很长一段时间了，但这是我的改进版本，只有在加载iframe时，它才会等待500ms等待任何后续调用。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1669010|<script+type="text/javasript">
var+prevent_bust+=+false+;
++++var+from_loading_204+=+false;
++++var+frame_loading+=+false;
++++var+prevent_bust_timer+=+0;
++++var++primer+=+true;
++++window.onbeforeunload+=+function(event)+{
++++++++prevent_bust+=+!from_loading_204+&&+frame_loading;
++++++++if(from_loading_204)from_loading_204+=+false;
++++++++if(prevent_bust){
++++++++++++prevent_bust_timer=500;
++++++++}
++++}
++++function+frameLoad(){
++++++++if(!primer){
++++++++++++from_loading_204+=+true;
++++++++++++window.top.location+=+'/?204';
++++++++++++prevent_bust+=+false;
++++++++++++frame_loading+=+true;
++++++++++++prevent_bust_timer=1000;
++++++++}else{
++++++++++++primer+=+false;
++++++++}
++++}
++++setInterval(function()+{++
++++++++if+(prevent_bust_timer>0)+{++
++++++++++++if(prevent_bust){
++++++++++++++++from_loading_204+=+true;
++++++++++++++++window.top.location+=+'/?204';
++++++++++++++++prevent_bust+=+false;
++++++++++++}else+if(prevent_bust_timer+==+1){
++++++++++++++++frame_loading+=+false;
++++++++++++++++prevent_bust+=+false;
++++++++++++++++from_loading_204+=+false;
++++++++++++++++prevent_bust_timer+==+0;
++++++++++++}



++++++++}
++++++++prevent_bust_timer--;
++++++++if(prevent_bust_timer==-100)+{
++++++++++++prevent_bust_timer+=+0;
++++++++}
++++},+1);
</script>|code-block|syntax|javascript|1669011|并且必须将onload="frameLoad()"和onreadystatechange="frameLoad();"添加到框架或iframe中。|offset|length|style|CODE|1669012|entityMap^0|0|0|5|K|Q|X|0^^$0|@$1|2|3|4|5|6|7|O|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|P|8|@]|9|@]|A|$E|F]]|$1|G|3|H|5|6|7|Q|8|@$I|R|J|S|K|L]|$I|T|J|U|K|L]]|9|@]|A|$]]|$1|M|3|-4|5|6|7|V|8|@]|9|@]|A|$]]]|N|$]]

I know it has been a long time since question was done but here is my improved version it will wait 500ms for any subsequent call only when the iframe is loaded.

<pre><code>&lt;script type="text/javasript"&gt;
var prevent_bust = false ;
 var from_loading_204 = false;
 var frame_loading = false;
 var prevent_bust_timer = 0;
 var primer = true;
 window.onbeforeunload = function(event) {
 prevent_bust = !from_loading_204 &amp;&amp; frame_loading;
 if(from_loading_204)from_loading_204 = false;
 if(prevent_bust){
 prevent_bust_timer=500;
 }
 }
 function frameLoad(){
 if(!primer){
 from_loading_204 = true;
 window.top.location = '/?204';
 prevent_bust = false;
 frame_loading = true;
 prevent_bust_timer=1000;
 }else{
 primer = false;
 }
 }
 setInterval(function() { 
 if (prevent_bust_timer&gt;0) { 
 if(prevent_bust){
 from_loading_204 = true;
 window.top.location = '/?204';
 prevent_bust = false;
 }else if(prevent_bust_timer == 1){
 frame_loading = false;
 prevent_bust = false;
 from_loading_204 = false;
 prevent_bust_timer == 0;
 }



 }
 prevent_bust_timer--;
 if(prevent_bust_timer==-100) {
 prevent_bust_timer = 0;
 }
 }, 1);
&lt;/script&gt;
</code></pre>

and <code>onload="frameLoad()"</code> and <code>onreadystatechange="frameLoad();"</code> must be added to the frame or iframe.

blocks|key|1454090|text|在阅读了w3.org+spec之后。我找到了沙盒的属性。|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|1454091|您可以设置sandbox=""，这会阻止iframe重定向。也就是说，它也不会重定向iframe。你将会从根本上失去点击。|style|CODE|1454092|示例如下：http://jsfiddle.net/ppkzS/1/|1454093|没有沙箱的示例：http://jsfiddle.net/ppkzS/|1454094|entityMap|0|LINK|mutability|MUTABLE|url|http://www.w3.org/TR/html5/browsers.html#valid-browsing-context-name-or-keyword|1|http://jsfiddle.net/ppkzS/1/|2|http://jsfiddle.net/ppkzS/^0|4|B|0|0|5|A|0|5|S|1|0|8|Q|2|0^^$0|@$1|2|3|4|5|6|7|X|8|@]|9|@$A|Y|B|Z|1|10]]|C|$]]|$1|D|3|E|5|6|7|11|8|@$A|12|B|13|F|G]]|9|@]|C|$]]|$1|H|3|I|5|6|7|14|8|@]|9|@$A|15|B|16|1|17]]|C|$]]|$1|J|3|K|5|6|7|18|8|@]|9|@$A|19|B|1A|1|1B]]|C|$]]|$1|L|3|-4|5|6|7|1C|8|@]|9|@]|C|$]]]|M|$N|$5|O|P|Q|C|$R|S]]|T|$5|O|P|Q|C|$R|U]]|V|$5|O|P|Q|C|$R|W]]]]

After reading the <a href="http://www.w3.org/TR/html5/browsers.html#valid-browsing-context-name-or-keyword">w3.org spec</a>. I found the sandbox property.

You can set <code>sandbox=""</code>, which prevents the iframe from redirecting. That being said it won't redirect the iframe either. You will lose the click essentially.

Example here: <a href="http://jsfiddle.net/ppkzS/1/">http://jsfiddle.net/ppkzS/1/</a> 
Example without sandbox: <a href="http://jsfiddle.net/ppkzS/">http://jsfiddle.net/ppkzS/</a>

Some websites have code to "break out" of <code>IFRAME</code> enclosures, meaning that if a page <code>A</code> is loaded as an <code>IFRAME</code> inside an parent page <code>P</code> some Javascript in <code>A</code> redirects the outer window to <code>A</code>.

Typically this Javascript looks something like this:

<pre><code>&lt;script type="text/javascript"&gt;
 if (top.location.href != self.location.href)
 top.location.href = self.location.href;
&lt;/script&gt;
</code></pre>

My question is: As the author of the parent page <code>P</code> and not being the author of the inner page <code>A</code>, how can I prevent <code>A</code> from doing this break-out?

P.S. It seems to me like it ought to be a cross-site security violation, but it isn't.

How to prevent IFRAME from redirecting top-level window

翻译质量差，导致语言生硬或混乱。

没有提供实际的解决方法或示例。

解答不清晰，无法理解或解决问题。

页面排版不美观，阅读体验差。

文章

问答

视频

学习中心

腾讯云实验室

直播

竞赛

腾讯云架构师技术同盟交流圈

腾讯云数据库专区

腾讯云顾问专区

腾讯云原生专区

腾讯混元专区

腾讯云TCE专区

腾讯云Lighthouse专区

腾讯云HAI专区

腾讯云Edgeone专区

腾讯云存储专区

腾讯云智能专区

腾讯轻联专区 

腾讯云开发专区

TAPD专区

腾讯轻量云游戏服专区

腾讯云最具价值专家

腾讯云架构师技术同盟

腾讯云创作之星

腾讯云开发者先锋 

腾讯云代码助手

CODING DevOps

Cloud Studio

SDK中心

API中心

命令行工具

一些网站具有“突破”IFRAME封装的代码，这意味着如果页面A作为父页面P内的IFRAME加载，A中的一些Javascript会将外部窗口重定向到A。通常，此Javascript如下所示：<script type="text/javascript"> if (top.location.href != self.loc...

问如何防止IFRAME重定向顶级窗口
EN

Stack Overflow用户

社区

活动

圈层

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问如何防止IFRAME重定向顶级窗口EN