Develop Reference

Cleaning / hide code from inspect element

I have an e-commerce website and I don't want people to do phishing from inspect element (F12 or CTRL + U) on my checkout page.
On NVIDIA AI PLAYGROUND web site they was able to clean the hole site and keep only this:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>nvidia-research-mingyuliu.com</title>
<meta name="description" content="">
<meta name="keywords" content="">
</head>
<frameset rows="100%,*" border="0">
<frame src="http://34.216.122.111/gaugan" frameborder="0" />
</frameset>
</html>
The link of the Nvidia clean source code page is: http://nvidia-research-mingyuliu.com/gaugan
I have no idea with language I have to use in order to clean the hole page by javascript or php.

This is not possible. The Nvidia site uses a frameset which loads another page and displays it. The code of this seperate page isn't hidden either. In Firefox it is even possible to inspect the elements of the frame.

how to block FRAME src from other websites to our website

I've a question about FRAMESET, My website perfectly load on another domains if they use following code.
<HTML>
<HEAD>
<META http-equiv="Content-Type" content="text/html; charset=UTF-8">
<META http-equiv="Cache-Control" content="no-cache">
</HEAD>
<FRAMESET>
<FRAME src="https://www.mywebsite.com" noresize>
<NOFRAMES>
Your browser does not support frames.
</NOFRAMES>
</FRAMESET>
</HTML>
But this above code doesn't work for other websites. because they already blocked it.
Here is my qeustion:
How can I block this method of FRAMESET that other websites won't be
able to load my website into their websites?
As something I know, we can use JavaScript method like window.top.location.href to redirect other domains to our website if they use FRAMESET, but what's the best solution for this method? Not redirect method, something better way,
I highly appreciate your help and advice on this issue.
Thanks in advance

As you can read here
Meta-tags that attempt to apply the X-Frame-Options directive DO NOT
WORK. For example, )
will not work. You must apply the X-FRAME-OPTIONS directive as HTTP
Response Header as described above.
In my expierence with PHP it's working when I use for example something like this
<?php
header('X-Frame-Options: SAMEORIGIN');
instead of using a meta tag like
<meta http-equiv="X-Frame-Options" content="SAMEORIGIN">
So you have to add your X-Frame-Options to header instead of meta tag in HTML head section.

Javascript code ignored in web-resource

I've got a page I'm adding as a Web Resource in a dynamics CRM form. I've developed the code outside the iframe and it works standalone in IE (9+) and Firefox navigating directly to the resource URL. (edited)
Coming back to testing the code embedded in CRM after a days standalone development and now; none of the scripts run when loaded as part of the CRM form. I've tested this by adding small alert scripts at every stage of the javascript load (as follows), now these work in all browsers as far back as IE5, but not when loaded within an IFrame on the CRM form:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script type="text/javascript">
alert("1");
</script>
<!-- etc.. -->
I've also tried creating a local page to load my page in an iframe which also works as expected:
<!DOCTYPE html>
<html>
<head>
<title>Iframe test</title>
</head>
<body style="background: Red;">
<h1>Hello, World!</h1>
<iframe width="500" height="500" src="http://server:5555/...">
</iframe>
</body>
</html>
as this issue only occurs in an IFrame I've run out of ideas for how to debug it. My best guess would be the issue is a conflict with code in the parent page but even then I'd expect my alert at the entry point of the html file would run.
I'm not sure at what point yesterday the code stopped working and don't have a backup unfortunately. I'd appreciate any speculation on why scripts would be abandoned within an IFrame, tips on any extra debugging steps I could try... or a solution =p.

Turned off "Restrict Cross-frame scripting" in the properties for the web-resource on the form which solved the issue.
Thanks for all the help though!

Have you tried adding it as a web resource rather than an iframe? There could be some xss security kicking in. Web Resource should get over that. The Web Resource also has other advantages (dependency aware etc).

HTML Frameset issues

I have a main page (test3.html) which has a <frameset> with 2 frames;
Now the top frame is an HTML file always..
But the bottom frame can be a PDF (desktop ver) OR HTML (iPad ver) depending on the condition
I know how to detect iPad or Desktop..So my question is not on how to do that..
For the bottom frame, The HTML (iPad) is just going to have 1 link (but that is dynamic). Is it necessary to call that in a frame? i.e. create a separate bottom_frame.html
I mean is there some way by which it can be coded in the same main page (test3.html) and attached to that page? The reason I am not looking for separate page for bottom frame (iPad HTML) is because it will only have 1 link and that would have to dynamically parsed (and I am getting that info in the main page already..so don't want to create a separate page for that again..)
Below is the URL of the main page;
http://ipad.atwebpages.com/test3.html

Not that I approve of the use of framesets, but you could use a data uri for the lower frame. Something like this:
<!DOCTYPE html>
<html>
<frameset rows="121,*" cols="*">
<frame src="head.html" name="topFrame">
<frame src="data:text/html;base64,PCFET0NUWVBFIGh0bWw+DQo8dGl0bGU+VGVzdCBDYXNlPC90aXRsZT4NCjxkaXY+TG93ZXIgRnJhbWU8L2Rpdj4=" name="bottomFrame">
</frameset>
</html>

JavaScript: Alert when user exits site?

My boss wants our site to show an alert if a customer tries to exit the site with items in the cart.
How can I show an alert when the user tries to exit our site? Also I don't want to show the alert if they are just navigating to another page on our site, but only if they are navigating completely away from our site.
P.S. I am not using any frameworks.

There's no simple way to detect leaving a domain. You can detect leaving a page easily with the onBeforeUnload event, but leaving the entire domain isn't so simple. As suggested here, you could probably do this by implementing a single master page that loads all pages in an iframe...

Whilst you can use the onbeforeunload event to determine that the page is trying to leave the site, you can not get the new URL that the page is going to even if it is on your own site as this is a security violation.
The only workaround that I can think of is as suggested in another post by either using a Iframe or full frame, but that gives the difficulty of URL being static and therefore prevents bookmarking.
E.g.:
frame.htm
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<script language='JavaScript' type='text/javascript'>
window.onbeforeunload = function (evt) {
return "This is a demonstration that you are leaving me";
}
</script>
<frameset border='0' rows="*">
<frame src='test_page.htm' border=0 scrolling=no frameborder=0 noresize name=top>
</frameset>
</body>
</html>
E.g. Test Page
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
</head>
<body>
Hello World
<p>
<a href='javascript:top.location.href="http://www.google.com"'> Outside link Google</a>
</p>
<p>
<a href='http://www.google.com'> Inside frame link to Google</a>
</p>
</body>
</html>
This allows you to navigate to a link either inside the frame or outside the frame (just as an example both to the same destination). But only if you go outside or close the browser will you be asked if you want to do this?