Don't like Frames?

If you don't like the extra overhead of loading multiple pages that is associated with using frames then this tip is for you.

To stop your page from loading into one frame of someone else's frame based web page just insert the following JavaScript into the <head> section of your page. Note that this is one of the very few instances where you should insert JavaScript into the head of the page rather than placing it at the bottom of the body as you want the page to reload outside of the frames as quickly as possible without waiting for the entire page to load in the frames first. In fact it is the only JavaScript code I know of that isn't going to provide improvements in load times by attaching it at the bottom instead.

 <script type="text/javascript">
if (top.location != self.location) top.location = self.location;
</script>

This will ensure that your page gets reloaded in the top of the browser window removing all of the frames but only if the person visiting your page has JavaScript enabled. Anyone can easily bypass this processing by turning off JavaScript temporarily.

Modern browsers now recognise an HTTP header that can tell the page not to display inside someone else's frames. That too can be bypassed but not quite as easily as this JavaScript version can be.

To set up the HTTP header to specify that your pages should not be displayed in someone else's frames you need to specify one of the following using whichever language you usually use to specify HTTP headers.

Frame-Options : deny
Frame-Options : sameorigin

Note that the second of these still allows you to display the pages within your own frames and there is a third option for where you only want to allow your pages to be displayed in frames on a specific web site.

 

This article written by Stephen Chapman, Felgall Pty Ltd.

go to top

FaceBook Follow
Twitter Follow
Donate