Written by
Marek Aufart
on
on
Unwanted redirect from iframe
Iframe tag allows insert to the webpage content from different URL. Browsers take care about it's isolation to avoid security risks. What a surprise when I experienced, that page in iframe redirects parent window. The evil code which can do that is:
window.top.location = "http://some.url"
Easy way to avoid this behavior is to use HTML5 sandbox attribute. Example:
<iframe height='500px' sandbox='allow-forms allow-scripts' src='http://some.url' width='99.6%'></iframe>
Caveats: sandbox side-effect is also restriction of PDF opening etc. Will be continued:-)
Related links: