I had a problem the other day.
Several small chart pages (hereinafter the "nested pages"), which were originally embedded in our own web pages with an iframe, were stolen by unscrupulous operators and embedded in their web pages.
The nested pages had no anti-theft measures, and the data in them is very important, so we needed to add some.
Most of the anti-theft methods that can be found at present are written for pages that are never meant to be nested at all, so they do not apply to the problem above, and we need to find another method.
Here are the solutions:
The first thing that comes to mind: if a thief embeds my page in an iframe, then when my page loads I can look at the address of the outer page through window.top and check whether my page is being used by my own site.
Checking window.top.location suggests this works, since the address is different on the thief's page, so
if (window.top.location.hostname.search('10jqka.com.cn') === -1) { // Only our own addresses may nest this page
  // window.top.location.href='//stockpage.10jqka.com.cn/'+(getCode()||'')
}
Tested with a locally proxied JS file. It failed!
DOMException: "Permission denied to access property "hostname" on cross-origin object"
The browser reports an error in the code!
Because the two pages are cross-domain, the browser's security policy does not allow the nested page to operate on the page that nests it, and vice versa.
IE calls this error "no permissions". The browser won't even allow you to read top.location.hostname, so accessing this object across domains throws an error.
So how do you fix it?
We can take advantage of the error above.
We just need to check whether reading top.location.hostname throws an error. If it does, the page is nested cross-domain, and the top object is redirected to our URL. If it does not, there is no cross-domain nesting (or no frame is in use), and no action is taken.
Things seemed to be starting to fall into place.
try {
  top.location.hostname; // throws when the top page is cross-domain
} catch (e) {
  top.location.href = window.location.href;
}
This should redirect correctly.
However, some browsers block this redirect by default and don't even show a confirmation prompt.
So another solution can be used:
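try {
  top.location.hostname; // throws when the top page is cross-domain
} catch (e) {
  // Replace the page content with a link to our own site
  document.getElementsByTagName('body')[0].innerHTML = '<a href="' + 'http://stockpage.10jqka.com.cn/' + '">' + 'http://stockpage.10jqka.com.cn/' + '</a>';
}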
Put it in the nested page: OK.
Put it on our own website,
and it went into the catch as well??
The reason is that the domain of our own web page is different from the domain of the iframe. The domains of the two pages need to be exactly the same ('music.baidu.com', 'www.baidu.com' and 'baidu.com' are not the same).
Bring the two into line first and then run the scheme above.
document.domain='10jqka.com.cn';
Done!
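
The steps above combined into one guard, as an added example that is not code from the original post. The function names and the `win`/`doc` parameters are assumptions made so the logic can be run outside a browser, the hostname is matched exactly instead of with a substring search, and it assumes our own parent pages also set document.domain as described above.

```javascript
// Added example. The domain and URL are the ones used in the post.
const ALLOWED_DOMAIN = '10jqka.com.cn';
const HOME_URL = 'http://stockpage.10jqka.com.cn/';

// Exact or subdomain match. A substring test such as .search() would also
// accept a host like "10jqka.com.cn.example" (constructed name).
function isAllowedHost(hostname, domain) {
  return hostname === domain || hostname.endsWith('.' + domain);
}

// win and doc are window-like and document-like objects (assumed parameters).
// Returns 'not-framed', 'allowed' or 'blocked'.
function guardFraming(win, doc) {
  if (win.top === win) return 'not-framed';
  try {
    // Relax to the parent domain so our own subdomains can read each other.
    doc.domain = ALLOWED_DOMAIN;
  } catch (e) { /* page is not served from a subdomain of ALLOWED_DOMAIN */ }
  try {
    // Throws a DOMException when the top page is cross-origin.
    if (isAllowedHost(win.top.location.hostname, ALLOWED_DOMAIN)) return 'allowed';
  } catch (e) { /* foreign parent: fall through and block */ }
  // Replace the content first, because the redirect may be silently blocked.
  doc.body.innerHTML =
    '<a href="' + HOME_URL + '" target="_top">' + HOME_URL + '</a>';
  try {
    win.top.location.href = HOME_URL;
  } catch (e) { /* navigation refused; the link above remains */ }
  return 'blocked';
}

// In a browser, run the guard as soon as the script loads.
if (typeof window !== 'undefined' && typeof document !== 'undefined') {
  guardFraming(window, document);
}
```

The document.domain setter is deprecated and some current browsers ignore it by default; the Content-Security-Policy frame-ancestors response header enforces the same allow-list without depending on script.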