Change top window location from iframe
due to XSS-resrictions you can set but cannot read top.location.href if your iframe resides on another domain than the page that calls the iframe. If the page you are redirecting to has the same domainname you will be able to check top.location.href. So the logic if your code should be reversed checking if it can access top.location.href and if NOT redirect. put it in a try..catch block to avoid javascript errors when accessing top.location
Immo
Updated on June 17, 2022Comments
-
Immo almost 2 years
Hello I want to redirect my Facebook App page to another app page using php and javascript
I have
echo "<script type='text/javascript'> if(window.top.location.href.toLowerCase().indexOf('http://apps.facebook.com/app1/') != -1) { window.top.location.href = 'http://apps.facebook.com/app2/2/'; alert("Done"); } else alert(window.top.location.href); </script>";
But I get an error:
Unsafe JavaScript attempt to access frame with URL http://apps.facebook.com/myapp/?ref=bookmarks from frame with URL http://mydomain.com/?ref=bookmarks. Domains, protocols and ports must match.
Is it possible to redirect from the Facebook Application iFrame without any problem?
-
Karolis almost 13 yearsI think you can redirect, but you can't check the url of top window. But I think you can check for document.referrer
-
-
CBroe over 11 years@pXdty: XSS = en.wikipedia.org/wiki/Cross-site_scripting And the restriction he’s talking about is called same origin policy, en.wikipedia.org/wiki/Same_origin_policy