Database Journal: The Knowledge Center for Database Professionals

find a web host with:
CGI Access DB Support NT Servers UNIX Servers Telnet Access advanced search

internet.com Internet News Internet Investing Internet Technology Windows Internet Tech. Linux/Open Source Web Developer ECommerce/Marketing ISP Resources ASP Resources Wireless Internet Downloads Internet Resources Internet Lists International EarthWeb Career Resources Search internet.com Advertise Corporate Info Newsletters E-mail Offers

internet.commerce Be a Commerce Partner

The Ultimate Content Protector
(Part 2)

OK, but what happens when you want to be in your own frames?

It was time to call in the big gun, in the person of Ronnie Moore, the webmaster and chief script cook over at JavaScriptSource.com. Ronnie usually can polish off a tricky script in 15 minutes and then asks, "Do you have anything else for me to do?"

To make a long story short, we soon found out that -- due to some necessary features in the JavaScript language to protect people from doing things to people's pages on other domains -- even checking to see what domain a page is coming from will produce a JavaScript error that will prevent a script from running.

It took us weeks of going back and forth, setting up "bad guy" pages, clearing our IE caches every single time we tested, and testing in both IE and Netscape, but we^* finally came up with two scripts that should confound all but the most determined and clever of evildoers (unless the visitor has turned off JavaScript, of course). See what happens if such a protected frame is framed from a different domain by clicking here (we play the "bad guy" ourselves in this scenario).

As an added bonus, this will also automatically force your framed pages back into their proper frames, so that if someone links directly to a framed page outside of its frame (or attempts to "open this frame in a new window"), it will be seen in the proper context, with your enclosing frame and ad banner, or whatever (try that by clicking here). And they'll work whether your framed pages are static or dynamically generated.

Now how much would you pay for these scripts? :-) But as usual, they're free.

Pant, Pant...Where's the Code>

This first one (also available at http://javascript.internet.com/navigation/dynamic-frameset.html) Ronnie called "Dynamic Frameset". It's really in two parts. You use this code in the <HEAD> of the enclosing frameset page:

<SCRIPT LANGUAGE="JavaScript">

<!-- This script and many more are available free online at -->
<!-- The JavaScript Source!! http://javascript.internet.com -->

<!-- Begin
var table_of_contents = "http://javascript.internet.com/new/";  
// change to your default frame page

var blank = " "; // blank page
var content = (location.search) ? location.search.substring(1, location.search.length) : table_of_contents;

// if query string ('?' after URL) set content variable to what follows the '?'
// otherwise, start fresh by setting content variable to table_of_contents page

function fillFrame() {
parent.main.location.href = content;
}
//  End -->
</script>

and this code in the <BODY> of the frameset page:

<frameset rows="100,*" onLoad="fillFrame();">
  <frame name="header" scrolling="no" noresize src="banner.html">
  <frame name="main" src="javascript:parent.blank" scrolling="auto" noresize>
</frameset>

The second script, which must be put into the <HEAD> of your content frame, is the one called "Content Protector" (also available at http://javascript.internet.com/page-details/content-protector.html):

<SCRIPT LANGUAGE="JavaScript">
<!-- Original:  Ronnie T. Moore -->
<!-- Web Site:  http://javascriptsource.com -->

<!-- This script and many more are available free online at -->
<!-- The JavaScript Source!! http://javascript.internet.com -->

<!-- Begin
ok_urls = new Array();
ok_urls[1] = "http://your-site.com/frameset.html";
ok_urls[2] = "http://www.your-site.com/frameset.html";

// Enter all the possible web addresses that your site's frameset
// page can be accessed from online, such as with and without the 'www'

function reportError(msg, url, line) {
if (url == window.location.href) {

msg = "\nBandwidth Theft Alert!\n\n" +
"This site is illegally stealing bandwidth\n" +
"from our site, WWW.OUR-SITE.COM.\n\n" +
"We will now load the content page\n" +
"from our server so you may view it.\n\n" +
"Thanks for your patience!";
alert(msg);

top.location.href = ok_urls[1] + "?" + window.location.href;
return true;
   }
}

window.onerror = reportError;

url_found = 0;
for (var i = 1; i <= ok_urls.length && !url_found; i++) {
url_found = (parent.location.href.indexOf(ok_urls[i]) == -1);
}
if (!url_found || (window == top))
top.location.href = ok_urls[1] + "?" + window.location.href;
//  End -->
</script>

^*Mostly Ronnie.

Refresh Daily
Join Editor-in-Chief David Fiedler and find truth, justice, and a clue or two.

[ Site Map ] ActiveX / VBscript Animated GIF Archive Browsers CGI / Perl Database Connectivity Design / Graphics E-Commerce HTML-Advanced: DHTML, CSS HTML / Site Authoring Tools Intranet/Groupware Java JavaScript Multimedia: Audio / Video / Streaming Technologies Opinions Refresh Daily: Editorial Column Security Servers & Server Tools Site Design / Graphics Site Management / Marketing / Log File Analysis Tutorials VRML / 3D XML