Break that frame with JavaScript Framekiller

HTML frames can display a webpage as a sub-division of a parent webpage. External sites sometimes take advantage of this ability: they put your site in a frame, slap their own ads on the parent webpage, and try to cash in on someone else's hard-worked content. This is also known as clickjacking.

Obviously, everyone would hate to see someone else getting conversions and clicks on their very own content.

If you don’t want your website to get misused like this, and you don’t want other people to put your site in their frames, you should make use of JavaScript Frame Breaking, also known as Framekiller / Framebreaker / Framebuster.

JavaScript Framebreakers

A framebreaker script prevents external websites from displaying the target website in a frame without permission, which is often part of a clickjacking attack. When the external website loads the page in a frame, the framebreaker script detects it, breaks out of the frame, and redirects the visitor to the target website.

You need to put the framebreaker script in the <head> section of your webpage, save the changes, and leave the rest to the script.

Classic older version of JavaScript Framebreaker

<script type="text/javascript">
  // If this page is not the topmost window, replace the top window's URL with this page's URL.
  if (top != self) top.location.replace(location);
</script>

Above is the first version of the JavaScript framebreaker, a simple 3-line snippet. However, experts found this little script limited and propounded a new version in 2010.

Modern Framebreaker

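The logic of the new Framebreaker script is to disable presentation (display) of the page by default and enable it only when the page is in the top location.

<style> html { display: none; } </style>
<script>
   if (self == top) {
       // Not framed: reveal the page that the style rule above hid.
       document.documentElement.style.display = 'block';
   } else {
       // Framed: navigate the top window to this page; the page stays hidden meanwhile.
       top.location = self.location;
   }
</script>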

However, I found the older one simple to use and implement, as I don’t want to mess with the presentation. The modern Framebreaker would create disasters in non-JavaScript browsers and keep on disabling the presentation of the webpage.
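The trade-off between the two scripts, as an added example that is not part of the original post: both framebreakers are wrapped in functions and run against mock `window`/`document` objects in Node, so the outcome of each case can be compared. The helper names (`makeContext`, `simulate`), the sample URL, and the `navBlocked` case (the browser refusing the top-level navigation, which the post does not discuss) are assumptions made for illustration.

```javascript
// Added example: `win`/`doc` are stand-ins for window/document so this runs in Node.
const PAGE_URL = 'https://example.test/article'; // constructed sample URL

// Classic framebreaker from the page: content is visible by default.
function classicBreaker(win) {
  if (win.top !== win.self) win.top.location.replace(win.self.location.href);
}

// Modern framebreaker from the page: content starts hidden by the <style> rule.
function modernBreaker(win, doc) {
  if (win.self === win.top) {
    doc.documentElement.style.display = 'block';
  } else {
    win.top.location = win.self.location;
  }
}

// Hypothetical helper: builds a mock browsing context for one scenario.
function makeContext({ framed, navBlocked, hiddenByCss }) {
  const state = { navigatedTo: null };
  const go = (url) => {
    if (navBlocked) throw new Error('top navigation blocked');
    state.navigatedTo = String(url.href || url);
  };
  const top = {};
  Object.defineProperty(top, 'location', { get: () => ({ replace: go }), set: go });
  const win = { location: { href: PAGE_URL } };
  win.self = win;
  win.top = framed ? top : win;
  const doc = { documentElement: { style: { display: hiddenByCss ? 'none' : '' } } };
  return { win, doc, state };
}

// Runs one framebreaker in one scenario and reports what the visitor ends up with.
function simulate(kind, { framed = false, navBlocked = false, jsEnabled = true } = {}) {
  const { win, doc, state } = makeContext({ framed, navBlocked, hiddenByCss: kind === 'modern' });
  if (jsEnabled) {
    try {
      if (kind === 'modern') modernBreaker(win, doc); else classicBreaker(win);
    } catch (e) { /* an uncaught error simply ends the inline script */ }
  }
  const contentVisible = doc.documentElement.style.display !== 'none';
  return { contentVisible, navigatedTo: state.navigatedTo };
}

for (const kind of ['classic', 'modern']) {
  console.log(kind, 'framed, navigation blocked:', simulate(kind, { framed: true, navBlocked: true }));
  console.log(kind, 'top-level, JavaScript off:', simulate(kind, { jsEnabled: false }));
}
```

When the break-out navigation fails, the classic script leaves the content rendered inside the frame, while the modern one keeps it hidden; with JavaScript off, the modern page stays hidden even at top level.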