javascript - prevent kill frame

Question

instead of asking how to kill frame. i interested to know what technique can be used to prevent an iframe inside a page from been killed by "frame killer"

Answer 1

There is always, unfortunately a way to get round frame killers, because of the way they work. (The site that is being framed can usually, however, display a warning).

See Jeff Atwood's "disturbing revelation".

A few choice excerpt:

If an evil website decides it's going to frame your website, you will be framed. Period. Frame-busting is nothing more than a false sense of security; it doesn't work.

Frame busting code (from the linked Stack Overflow challenge):

<script type="text/javascript">
    var prevent_bust = 0  
    window.onbeforeunload = function() { prevent_bust++ }  
    setInterval(function() {  
      if (prevent_bust > 0) {  
        prevent_bust -= 2  
        window.top.location = 'http://server-which-responds-with-204.com'  
      }  
    }, 1)  
</script>

This code does the following:

• increments a counter every time the browser attempts to navigate away from the current page, via the window.onbeforeonload event handler

• sets up a timer that fires every millisecond via setInterval(), and if it sees the counter incremented, changes the current location to a server of the attacker's control

• that server serves up a page with HTTP status code 204, which does not cause the browser to navigate anywhere