View Comments

Wrapper Module - Preventing Frame Busting

A client recent asked us to provide a page from his website to an associates website so that his customers could login and access information on the associate site without leaving his website. The Wrapper module or component that form part of the Joomla! 1.5 package seemed to be an ideal solution to his requirement. We configured a link to the associates website using the module and logged in to the test account. On logging out we encountered a problem the logout script on the associate's website cased the page to break out of the iFrame created by the wrapper and the client's user was left stranded on the associate's website. This article describes the simple modifications we made to the Wrapper Module to overcome the problem.

A practical solution to prevent Frame Busting

Whilst researching the problem we came across an article on the coderrr blog about Preventing Frame Busting. The article describes a relatively simple way of preventing a website breaking out of an iFrame using a few lines of Javascript inserted at the start of the page holding the iFrame. The required code is shown below. We modified a copy of the Wrapper Module and tried it. It worked perfectly returning the browser to the client's website when you logged out of the test account on the associate's website.

<script language="javascript" type="text/javascript">
 var prevent_bust = 0
 window.onbeforeunload = function() { prevent_bust++ }
 setInterval(function() {
 if (prevent_bust > 0) {
 prevent_bust -= 2
 window.top.location = 'http://www.mywebsite.com/index.php'
 }
 }, 1)
</script>

Implementing the solution on a Joomla! website

You could simply insert this into the Wrapper Module's template file, replacing the http://www.mywebsite.com/index.php with a suitable reference to your own site. However as we were modifying the Wrapper Module's code we thought that a better approach would be to add the return URL as a parameter. So to avoid our changes being over-written by a future Joomla! patch we created an Enhanced Wrapper Module (mod_ewrapper), added the above Javascript to the start of the default module template file. We then modified the module files to support a 'return' parameter to allow a URL to be specified that the module will return the user to, if the wrapped site tries to breakout of the iFrame. If the 'return' parameter is left blank, the module code will use the Joomla! site's home page as the default return URL.

A copy of our Enhanced Wrapper module can be downloaded from here.

blog comments powered by Disqus
back to top

Disclaimer

The Joomla!® name is used under a limited license from Open Source Matters in the United States and other countries. Bodvoc Ltd is not affiliated with or endorsed by Open Source Matters or the Joomla! Project.

YouCMSAndBlog Module Generator Wizard Plugin
Follow us on Twitter
Copyright © 2013 Bodvoc Ltd. All rights reserved.