I've been using a custom function for some time now to prevent clickjacking on certain sites. However, I've been surprised to find there's not a lot out there about how to do this 'idiomatically' using the various popular JavaScript frameworks.
我一直在使用自定义功能一段时间,以防止在某些网站上点击劫持。但是,我很惊讶地发现,如何使用各种流行的JavaScript框架“惯用”这一点并不是很多。
Are there users of jQuery, Dojo, YUI, and/or ExtJS that have used their framework to implement clickjacking protection? I'd love to see examples!
有没有jQuery,Dojo,YUI和/或ExtJS的用户使用他们的框架来实现点击劫持保护?我很乐意看到例子!
2 个解决方案
#1
Why use a library? You could just do:
为什么要使用图书馆?你可以这样做:
var all = document.getElementsByTagName('iframe'), l = all.length;
while (l--) all[l].parentNode.removeChild(all[l]);
But if you really feel you need a library. In jquery this is pretty easy, just find all iframes and remove them.
但如果你真的觉得你需要一个图书馆。在jquery中,这很简单,只需查找所有iframe并将其删除即可。
$(document).ready( function() { $('iframe').remove(); });
#2
It isn't so simple. The top frame could prevent the page to be unloaded. I would use the following code to work around it:
这不是那么简单。顶部框架可以防止页面被卸载。我会使用以下代码来解决它:
if (window.top !== window.self) {
window.top.location.replace(window.self.location.href);
alert('For security reasons, frames are not allowed.');
setInterval(function(){document.body.innerHTML='';},1);
}
It uses alert() to give the browser time to load the new page. And it leaves no clickable elements if everything fails.
它使用alert()为浏览器提供加载新页面的时间。如果一切都失败,它不会留下任何可点击的元素。
See the full problem description: frame-buster-buster-buster-code-needed
查看完整的问题描述:frame-buster-buster-buster-code-needed
#1
Why use a library? You could just do:
为什么要使用图书馆?你可以这样做:
var all = document.getElementsByTagName('iframe'), l = all.length;
while (l--) all[l].parentNode.removeChild(all[l]);
But if you really feel you need a library. In jquery this is pretty easy, just find all iframes and remove them.
但如果你真的觉得你需要一个图书馆。在jquery中,这很简单,只需查找所有iframe并将其删除即可。
$(document).ready( function() { $('iframe').remove(); });
#2
It isn't so simple. The top frame could prevent the page to be unloaded. I would use the following code to work around it:
这不是那么简单。顶部框架可以防止页面被卸载。我会使用以下代码来解决它:
if (window.top !== window.self) {
window.top.location.replace(window.self.location.href);
alert('For security reasons, frames are not allowed.');
setInterval(function(){document.body.innerHTML='';},1);
}
It uses alert() to give the browser time to load the new page. And it leaves no clickable elements if everything fails.
它使用alert()为浏览器提供加载新页面的时间。如果一切都失败,它不会留下任何可点击的元素。
See the full problem description: frame-buster-buster-buster-code-needed
查看完整的问题描述:frame-buster-buster-buster-code-needed