iframes within a trusted website list

I'm new to iframes and their security flaws. I have website A that needs to be embedded in an iframe on a list of websites. Here is the interesting part.

  • The list of trusted websites and the iframe share the same domain.
  • Only the list of trusted websites can iframe A.
  • If an untrusted website tries to iframe A, some error should be rendered.

I know some places do this with some sort of tokenization system. Does anyone know or have some good references to do this?

Answers:

Answer

Well, you can't prevent people from framing your website because you don't control their code.

However, you could:

  • Use a framebuster to bust your site to top level (exit from the iframe and into the main window).

  • Check the parent window's URL (the URL of the site framing your site). It works only if same domain, meaning if another domain is iframing you, you can't get the parent URL ("aha! someone's framing your site!"). If you CAN get the URL, the top site is from your domain. The only thing you need to do after that is to check if that site is part of your trusted sites in your domain.
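
The parent-URL check described in the answer above, as an added example that is not part of the original answer. The allowlist paths, the function names and the error text are assumptions made for illustration, as is the choice to allow site A when it is loaded directly rather than framed.

```javascript
// Constructed allowlist: hypothetical trusted pages on the shared domain.
const TRUSTED_PARENT_PATHS = ["/partners/dashboard", "/portal/embed-host"];

// Classify how this page (site A) is being displayed.
// `win` is the framed page's own window object.
function classifyFraming(win, trustedPaths) {
  // Comparing window references is permitted even across origins.
  if (win.top === win.self) return "top-level";

  let topUrl;
  try {
    // Reading location.href of a cross-origin window throws a SecurityError,
    // so reaching the next line means the top page is readable by us.
    topUrl = new URL(win.top.location.href);
  } catch (err) {
    return "cross-origin";
  }
  // Defensive re-check rather than relying on the exception alone.
  if (topUrl.origin !== win.location.origin) return "cross-origin";

  // Match on the exact path; query string and fragment are ignored.
  return trustedPaths.includes(topUrl.pathname)
    ? "trusted"
    : "untrusted-same-origin";
}

// Replace the page content with an error unless the framing is acceptable.
// Assumption: loading A directly (not framed) is allowed.
function enforceFraming(win, doc, trustedPaths) {
  const verdict = classifyFraming(win, trustedPaths);
  const allowed = verdict === "top-level" || verdict === "trusted";
  if (!allowed) {
    doc.body.textContent = "This page cannot be embedded here.";
  }
  return allowed;
}

// Run in a browser only; under Node (no window) the functions are just defined.
if (typeof window !== "undefined" && typeof document !== "undefined") {
  enforceFraming(window, document, TRUSTED_PARENT_PATHS);
}
```

The check only takes effect when the framed page's script runs. A `Content-Security-Policy: frame-ancestors 'self'` response header has the browser itself refuse cross-origin framing, independent of script.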
