if (top.location!= self.location) {
top.location = self.location.href;
}That will generally work, but there is a small chance of failure in the case that window is overridden. Here’s a couple of clever alternatives from Nathan Smith:
<script>
// Break out of an iframe, if someone shoves your site
// into one of those silly top-bar URL shortener things.
//
// Passing `this` and re-aliasing as `window` ensures
// that the window object hasn't been overwritten.
//
// Example:
// var window = 'haha, punked!';
//
// Note: Probably unnecessary, but just for kicks.
(function(window) {
if (window.location !== window.top.location) {
window.top.location = window.location;
}
})(this);
</script><script>
// A more cryptic one-liner, to awe & impress.
//
// No need to protect `window` since `this` is
// immutable, and at the topmost level means
// `window` anyways. Here, we compare locations
// on the left side of the "&&" and execute the
// code in parenthesis if that condition is
// true (top location isn't iframe location).
//
// Otherwise, nothing happens. It's basically an
// if statement without wrapping curly brackets.
//
// Weird, I know. But pretty cool, right? :)
this.top.location !== this.location && (this.top.location = this.location);
</script>
Is there any way to prevent it? From the parent.
maybe if you try to dispatch the parent window.top, because it is only used by HTMLIFrameElement
please, examples of blogs using an iframe
Unable to get this to work on word press
There is a plugin for WordPress > http://wordpress.org/plugins/wp-framebreaker/
Will this result in registering two visits if I’m using Google Analytics to track it?
If so, is there an alternate method that will allow the breakout, but not register two visits?
This isn’t assured of working — setting the window.top.location can be bypassed (http://en.wikipedia.org/wiki/Framekiller#Framekiller_killers). Instead, you should set use the option detailed directly above that wikipedia section — only setting visible when it is detected that you aren’t in an iframe.
Shouldn’t your first snippet be?:
When I tried it without the ‘href’ part, it caused a redirect, rather than just breaking out of the iFrame.
Sorry, ignore my last comment. It looks like it also does the reload with the “.href” added. Not sure why it appeared to do it without the reload when I first tried it with the “.href”! I should have done a bit more testing before posting my last post! Shame that it has to reload the page. Thanks for the info though.
@Miro, you are actually not correct. That study is flawed. See my Wikipedia edits regarding this: https://en.wikipedia.org/wiki/Framekiller
The solution presented here is the best option to kill frames.
New with html5
iframe sandbox=”allow-same-origin”
Allows the iframe content to be treated as being from the same origin
This worked well for me now lets see for how long.
I know this post is old but I tried this and worked very well. The problem is that, if I am using “Visual Composer” (a visual builder for wordpress), it redirects me to the post and I can’t use Visual Composer..
Any idea of how to prevent it if it’s same domain ?
Thanks !
Sadly, this doesn’t work with WP Customizer and removes/redirects it as well.
Wow. This is great!
I had struggled to make my site look nice but the redirect to login page was an issue since the login page distorted everything. The oneliner is great.