开发者

javascript on twitter to prevent embedding the html page

This is the javascript that you can find in www.twitter.com (just click to see the source code) I have just reformatted it for clarity:

if (window.top !== window.self) {
  document.write = "";
  window.top.location = window.self.location;
  setTimeout(function() {
    document.body.innerHTML = '';
  }, 1);
  window.self.onload = function(evt) {
    document.body.innerHTML = '';
  };
}

no开发者_如何学Gow I understand this trick is to prevent other sites to wrap twitter in other iframes. but what I want to ask is do we really need all of this code ? what's the need of setting a function to execute in 1 millisecond, one to execute at 'onload' and one now.

is that paranoia or is it really worth ?

Many THanks in advance Reg


Most browsers will only open one or two connections to the server while the page is loading, which means the redirect has to sit in the queue while the original copy of the page loads. You may have noticed that the "current" page in the browser remains interactive/useable when you click on a link, until the new page actually starts downloading. The timeout/onload stuff kills the content of the page, theoretically aborting any of the in-progress transfers and bumping the redirect to the top of the list. And also prevents the page from being used within the frame/iframe, until the framebuster code has finished.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜