Database Journal: The Knowledge Center for Database Professionals

FlashKit
GIF.com
HiermenusCentral
webdeveloper Jobs
Java Boutique
JavaScript.com
JavaScript Source
ScriptSearch
StreamingMedia World
WDJ
WDVL
WebDeveloper.com
WebReference.com
XMLFiles.com

internet.com Internet News Internet Investing Internet Technology Windows Internet Tech. Linux/Open Source Web Developer ECommerce/Marketing ISP Resources ASP Resources Wireless Internet Downloads Internet Resources Internet Lists International EarthWeb Career Resources Search internet.com Advertise Corporate Info Newsletters E-mail Offers

internet.commerce Be a Commerce Partner

The Ultimate Content Protector

Confound content and bandwidth thieves with this deceptively simple script

OK. You've been framed and you don't like it. Now what?

Although the practice is becoming less common these days, quite a number of webmasters have been surprised to find that their content pages have been "frame hijacked" by other sites.

While it's relatively simple to find when someone has actually copied your pages (just select a unique phrase, other than a copyright, and search for it on AltaVista), frame hijacking occurs when the evildoer puts your page in their frame. That makes it look as though they wrote your page (especially since their URL, not yours, is displayed). This is generally done in order to unfairly profit from your work, so you'll also usually see one of their ad banners above your content. Even worse, they're stealing your bandwidth (which you're paying for) because you're serving the pages right to their visitors!

Fortunately, it's easy to break out of unwanted frames. It only takes one line of JavaScript code (though it must be surrounded by the usual headers and footers) in the <BODY> of your page:

<script language="JavaScript">
<!-- Begin
if (window != top) top.location.href = location.href;
// End -->
</SCRIPT>

You don't even have to understand any JavaScript to cut and paste that one, but basically it tests to see whether your page is the topmost window frame of the browser, and if not, forces itself to jump out of the enclosing frame.

But wait, there's more.

Let's say that your content is already framed, because you designed it that way. It's in your own frames, in fact. The bad guy comes along, creates his own frame for your content on his own site, and so on. But you can't use the above script, because it will break your page out of all frames, including your own. What to do?

This happened to me on one of my sites, so I thought I'd cleverly toss off a little JavaScript program to break out of frames unless they were on my site.

Ha.

The first thing I tried was checking the address string of the page if it was in frames, to make sure it matched my domain and enclosing frame's name.

The next thing the "bad guy" did was set up a subdirectory with the same name as my domain, and used the name of my enclosing frame. This, of course, fooled my script.

So of course I rolled up my sleeves and prepared to do battle.

Refresh Daily
Join Editor-in-Chief David Fiedler and find truth, justice, and a clue or two.

[ Site Map ] ActiveX / VBscript Animated GIF Archive Browsers CGI / Perl Database Connectivity Design / Graphics E-Commerce HTML-Advanced: DHTML, CSS HTML / Site Authoring Tools Intranet/Groupware Java JavaScript Multimedia: Audio / Video / Streaming Technologies Opinions Refresh Daily: Editorial Column Security Servers & Server Tools Site Design / Graphics Site Management / Marketing / Log File Analysis Tutorials VRML / 3D XML