Change top window location from iframe

php javascript html facebook

10,882

due to XSS-resrictions you can set but cannot read top.location.href if your iframe resides on another domain than the page that calls the iframe. If the page you are redirecting to has the same domainname you will be able to check top.location.href. So the logic if your code should be reversed checking if it can access top.location.href and if NOT redirect. put it in a try..catch block to avoid javascript errors when accessing top.location

10,882

Author by

Immo

Updated on June 17, 2022

Comments

Immo almost 2 years
Hello I want to redirect my Facebook App page to another app page using php and javascript

I have
```
echo "<script type='text/javascript'>
if(window.top.location.href.toLowerCase().indexOf('http://apps.facebook.com/app1/') != -1) {
    window.top.location.href = 'http://apps.facebook.com/app2/2/';
    alert("Done");
}
else
   alert(window.top.location.href); 
</script>";
```
But I get an error:

Unsafe JavaScript attempt to access frame with URL http://apps.facebook.com/myapp/?ref=bookmarks from frame with URL http://mydomain.com/?ref=bookmarks. Domains, protocols and ports must match.

Is it possible to redirect from the Facebook Application iFrame without any problem?
- Karolis almost 13 years
  
  I think you can redirect, but you can't check the url of top window. But I think you can check for document.referrer
CBroe over 11 years

@pXdty: XSS = en.wikipedia.org/wiki/Cross-site_scripting And the restriction he’s talking about is called same origin policy, en.wikipedia.org/wiki/Same_origin_policy