OK, but what happens when you want to be in your own frames?
It was time to call in the big gun, in the person of Ronnie Moore, the webmaster and chief script cook over at JavaScriptSource.com. Ronnie usually can polish off a tricky script in 15 minutes and then asks, "Do you have anything else for me to do?"
To make a long story short, we soon found out that -- due to some necessary features in the JavaScript language to protect people from doing things to people's pages on other domains -- even checking to see what domain a page is coming from will produce a JavaScript error that will prevent a script from running.
It took us weeks of going back and forth, setting up "bad guy" pages, clearing our IE caches every single time we tested, and testing in both IE and Netscape, but we* finally came up with two scripts that should confound all but the most determined and clever of evildoers (unless the visitor has turned off JavaScript, of course). See what happens if such a protected frame is framed from a different domain by clicking here (we play the "bad guy" ourselves in this scenario).
As an added bonus, this will also automatically force your framed pages back into their proper frames, so that if someone links directly to a framed page outside of its frame (or attempts to "open this frame in a new window"), it will be seen in the proper context, with your enclosing frame and ad banner, or whatever (try that by clicking here). And they'll work whether your framed pages are static or dynamically generated.
Now how much would you pay for these scripts? :-) But as usual, they're free.
<SCRIPT LANGUAGE="JavaScript">
<!-- This script and many more are available free online at -->
<!-- The JavaScript Source!! http://javascript.internet.com -->
<!-- Begin
var table_of_contents = "http://javascript.internet.com/new/";
// change to your default frame page
var blank = " "; // blank page
var content = (location.search) ? location.search.substring(1, location.search.length) : table_of_contents;
// if query string ('?' after URL) set content variable to what follows the '?'
// otherwise, start fresh by setting content variable to table_of_contents page
function fillFrame() {
parent.main.location.href = content;
}
// End -->
</script>
<SCRIPT LANGUAGE="JavaScript">
<!-- Original: Ronnie T. Moore -->
<!-- Web Site: http://javascriptsource.com -->
<!-- This script and many more are available free online at -->
<!-- The JavaScript Source!! http://javascript.internet.com -->
<!-- Begin
ok_urls = new Array();
ok_urls[1] = "http://your-site.com/frameset.html";
ok_urls[2] = "http://www.your-site.com/frameset.html";
// Enter all the possible web addresses that your site's frameset
// page can be accessed from online, such as with and without the 'www'
function reportError(msg, url, line) {
if (url == window.location.href) {
msg = "\nBandwidth Theft Alert!\n\n" +
"This site is illegally stealing bandwidth\n" +
"from our site, WWW.OUR-SITE.COM.\n\n" +
"We will now load the content page\n" +
"from our server so you may view it.\n\n" +
"Thanks for your patience!";
alert(msg);
top.location.href = ok_urls[1] + "?" + window.location.href;
return true;
}
}
window.onerror = reportError;
url_found = 0;
for (var i = 1; i <= ok_urls.length && !url_found; i++) {
url_found = (parent.location.href.indexOf(ok_urls[i]) == -1);
}
if (!url_found || (window == top))
top.location.href = ok_urls[1] + "?" + window.location.href;
// End -->
</script>
Database Journal: The Knowledge Center for Database Professionals
and find truth, justice, and a clue or two.
