How to disable iFrame encapsulation

It's a common trend to encapsulate sites in iframes; DiggBar and a lot of others do this.

The problems with these toolbars are the following:

  • they break script support, at least for Plurk
  • they steal SEO from your site, i.e. it's the owner of the short URL domain that gets the back links
  • they can be a serious security threat, making things like XSS or CSRF much easier

The solution is pretty easy though: simply add this to your header section:

<script type="text/javascript">
if (window != top)  {
    // We are inside an iframe: point the top window at this page
    top.location.href = location.href;
}
</script>

This checks if your site is inside an iframe. If it is, it changes the top window's location to your site.
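The snippet above assumes the redirect always goes through. As an added example (not part of the original post), here is a variant that hides the page while it is framed, so nothing is displayed if the embedding page blocks the top-level navigation. The function names and return values are illustrative assumptions.

```javascript
// Added example, not from the original post; names are illustrative.

// True when this window is not the top-level browsing context.
function isFramed(win) {
  try {
    return win.self !== win.top;
  } catch (e) {
    // If even the comparison is denied, assume we are framed.
    return true;
  }
}

// Returns "top-level", "redirected" or "blocked".
function guardAgainstFraming(win, doc) {
  var root = doc.documentElement;
  if (!isFramed(win)) {
    // Not framed: make sure the page is visible.
    root.style.display = "";
    return "top-level";
  }
  // Framed: hide the page first, so it is never shown or clickable
  // inside someone else's frame, whatever happens to the redirect.
  root.style.display = "none";
  try {
    // Same redirect as the original snippet.
    win.top.location.href = win.location.href;
    return "redirected";
  } catch (e) {
    // The browser refused the navigation; the page stays hidden.
    return "blocked";
  }
}

// Run in a browser only; guarded so the file also loads outside one.
if (typeof window !== "undefined" && typeof document !== "undefined") {
  guardAgainstFraming(window, document);
}
```

Browsers that support the `X-Frame-Options` response header or the CSP `frame-ancestors` directive enforce the same policy without relying on script, so the script is best kept as a fallback.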

Code · Plurk · Security 26. May 2009
© Amir Salihefendic. Powered by Skeletonz.