how to block FRAME src from other websites to our website - javascript

I've a question about FRAMESET, My website perfectly load on another domains if they use following code.
<HTML>
<HEAD>
<META http-equiv="Content-Type" content="text/html; charset=UTF-8">
<META http-equiv="Cache-Control" content="no-cache">
</HEAD>
<FRAMESET>
<FRAME src="https://www.mywebsite.com" noresize>
<NOFRAMES>
Your browser does not support frames.
</NOFRAMES>
</FRAMESET>
</HTML>
But this above code doesn't work for other websites. because they already blocked it.
Here is my qeustion:
How can I block this method of FRAMESET that other websites won't be
able to load my website into their websites?
As something I know, we can use JavaScript method like window.top.location.href to redirect other domains to our website if they use FRAMESET, but what's the best solution for this method? Not redirect method, something better way,
I highly appreciate your help and advice on this issue.
Thanks in advance

As you can read here
Meta-tags that attempt to apply the X-Frame-Options directive DO NOT
WORK. For example, )
will not work. You must apply the X-FRAME-OPTIONS directive as HTTP
Response Header as described above.
In my expierence with PHP it's working when I use for example something like this
<?php
header('X-Frame-Options: SAMEORIGIN');
instead of using a meta tag like
<meta http-equiv="X-Frame-Options" content="SAMEORIGIN">
So you have to add your X-Frame-Options to header instead of meta tag in HTML head section.

Related

how to redirect a web page and show the new URL?

I want to redirect a plain HTML web page to a new URL, but everything I have tried (meta refresh, Javascript redirect) results in the old URL appearing in the address bar of the new page, even after clearing my browser cache. .htaccess redirects sometimes work but are complicated by the fact that the old page is already the target of a redirect from another domain. I do not have access to the hosting account.
Can anybody suggest a way to make the new URL always appear on the address bar for the new page? Thanks a lot.
Using the meta refresh tag should work fine.
<meta http-equiv="refresh" content="0; url=http://example.com/" />
Note: Place it in the head section.
You may also want to do a javascript redirect as the W3C doesn't recommend the meta tag approach, although it may not work on all mobile browsers. Along with a fallback text link, that would make your page similar to:
<!DOCTYPE HTML>
<html lang="en-US">
<head>
<meta charset="UTF-8">
<meta http-equiv="refresh" content="1; url=http://example.com">
<script type="text/javascript">
window.location.href = "http://example.com"
</script>
<title>Page Redirection</title>
</head>
<body>
<!-- Note: don't tell people to `click` the link, just tell them that it is a link. -->
If you are not redirected automatically, follow this <a href='http://example.com'>link to example</a>.
</body>
</html>
Many thanks to the answers from this previous answer: Redirect from an HTML page

parsing html using Jsoup - returned document with robots meta tag

My problem is when I am using jsoup lib for parsing a specific url, it has been great till one day my parsing has corrupted, the document that has returned had some few tags which was not anything like the old document, it had meta tag named "ROBOTS".
An example of the header in the response:
<head>
<meta name="ROBOTS" content="NOINDEX, NOFOLLOW" />
<meta name="format-detection" content="telephone=no" />
<meta name="viewport" content="initial-scale=1.0" />
</head>
My question is, how do you think I can overcome this block? Tried using several other libraries which parse javascript as well, but it wasnt helpful and resulted the same, maybe I didn't use it right.
(I have learnt that the meta tag robots was made for preventing bots, initially for search engines, how can I bypass this behavior? How can I act like a regular every-browser client?)
You didn't explicitly state this in your answer, but I'm assuming Jsoup is being sent different HTML than what your browser sees. In that case, you probably need to set the user agent header so Jsoup looks like your browser.

How do I load a webpage inside a div using Javascript without IFRAME and JQuery?

I need to load an external webpage into a div. I don't want to use an iFrame. And I want this done with plain Javascript. I'm not sure how to go about it.
With difficulty…
Use Ajax (e.g. via XMLHttpRequest) to get the page. Since it is external, you will need to bypass the same origin policy.
Once you have the page, extract the relevant parts of it (probably the children of the body element) and add that to your existing DOM.
You'll need to account for differing stylesheets between your site and the external one, for relative URIs (to resources on the external site that aren't on yours), and for any scripts in the remote content.
Whichever method you have, in js, try this instead : $('#myid').load('mylink.com')
I know only this in js.
You don't even need javascript-
but the same restrictions apply as for iframe inclusion of different domains.
<!doctype html>
<html lang="en">
<head>
<meta charset= "utf-8">
<title>test page</title>
</head>
<body>
<div>
<object type="text/html" data="http://validator.w3.org/" width="800px" height="600px" style="overflow:auto;border:5px ridge blue">
</object></div>
</div>
</body>
</html>
You should be able to load html pages within a page using the jQuery.get() method. I'm using this method for two websites for my clients, where the individual pages are different sections of the site.
I'm unsure of the behavior you may encounter if you attempt to use this method loading full HTML pages that include header information and the body tag. I recommend using it to load HTML snippets.
jQuery.get()

Using google chrome frame with Django

I am trying to use Google Chrome Frame in my Django app.
Inserting <meta http-equiv="X-UA-Compatible" content="chrome=1"> into the header doesn't do the trick.
Right now, this is what my header looks like:
<head>
<meta http-equiv="X-UA-Compatible" content="chrome=1">
<title>Amuse Me</title>
<link href='/static/style.css' rel='stylesheet' type='text/css' />
<script type="text/javascript" src="/static/jquery-1.6.0.min.js"></script>
<script type="text/javascript" src="/static/base.js"></script>
</head>
Any suggestions?
Your page might be cached as suggested in quirksblog:
Cache
When I was doing research I used one
test page and constantly changed the
tags in the . The problem
was that IE/Frame seemed to be caching
not only the page, but also in which
rendering engine it should be shown.
Therefore a simple page refresh won’t
help you here.
Fortunately Twitter user jdalton came
up with a solution: simply append a
pseudo-query such as ?123 to the page
URL. That bypasses the cache and
forces the browser to re-evaluate the
tags.
Open your code in Google Chrome's developer tools and look for html errors, and check your resource headers.

How to redirect if javaScript is disabled?

I have a site which relies heavily on javaScript. I created a mirror site, which has all the JS as well as all the elements that require JS removed. What is a good, easy way to redirect users to the mirror site if they don't have javaScript enabled?
I tried this, but it doesn't seem very good:
<noscript>
<meta http-equiv="refresh" content="0; URL=nojs/index.php">
</noscript>
I also tried to putting header-redirect into the noscript tag, but that didn't work.
<noscript>
<p>This site is best viewed with Javascript. If you are unable to turn on Javascript, please use this site.</p>
</noscript>
Some people purposely disable Javascript, and you might want to give them a chance to turn it on before redirecting them.
Use this code that I came up with:
<noscript>
<style>html{display:none;}</style>
<meta http-equiv="refresh" content="0.0;url=nojs/index.php">
</noscript>
It uses style to block what's on the page so then people won't notice anything before it redirects. The only thing that annoys me is that I want something better than meta refresh as that can be blocked on some browsers like IE. A PHP header isn't really a solution as you can't put it in a noscript tag as it will just ignore it and write it out straight away.
Make the no-JavaScript version of the site the default. Include a small script in there to redirect to the scripted site.
Or, abandon the use of a redirect entirely and go with Progressive Enhancement
What is your definition of "not very good"?
All my sites use:
<noscript>
<meta http-equiv="refresh" content="0; url=http://www.sadtrombone.com/" />
</noscript>
I wouldn't do client-side redirection, as that might seem annoying to the user. Instead, what I would do is use <noscript> to show the content of this JS-less site on the same page. It may be more work, but it would definitely be a smoother experience.
I came up with a better solution than having to redirect the user as meta-refresh can be disabled in IE.
Put this in the HEAD:
<style>div#body{display:none;}</style>
Put this in the BODY:
<noscript>NO JAVASCRIPT CONTENT HERE</noscript>
<noscript><div id="body"></noscript>JAVASCRIPT CONTENT HERE<noscript></div></noscript>
That way the tags are where they're meant to be.
Just simply put this code to your html file
<meta http-equiv = "refresh" content = "2; url = https://www.google.com" />
<!DOCTYPE html>
<html>
<head>
<title>Redirection</title>
<meta http-equiv = "refresh" content = "2; url = https://www.tutorialspoint.com" />
</head>
<body>
<p>This page will redirect in 2 seconds.</p>
</body>
</html>

Categories

Resources