Home >Web Front-end >JS Tutorial >How Can We Defeat a Frame-Busting Buster That Uses `setInterval` and `onbeforeunload`?

How Can We Defeat a Frame-Busting Buster That Uses `setInterval` and `onbeforeunload`?

Susan Sarandon
Susan SarandonOriginal
2024-12-09 03:44:09547browse

How Can We Defeat a Frame-Busting Buster That Uses `setInterval` and `onbeforeunload`?

Frame Buster Buster Buster: Defying the Unbreakable

You've implemented a robust frame-busting script to prevent your site from being displayed within an iframe. But what happens when your frame-busting code itself becomes the target?

The Frame Busting Buster.

A clever attacker has developed a script that can bypass your frame-busting measures by utilizing the window.onbeforeunload event and a timer set to fire every millisecond. The attacker's script:

  • Prevents the browser from navigating away from the current page by incrementing a counter in the window.onbeforeunload event handler.
  • Redirects the location to a server controlled by the attacker using a timer.
  • The attacker's server responds with a 204 status code, preventing the browser from navigating anywhere.

Your initial attempts to defeat this frame-busting buster have failed. Clearing the onbeforeunload event has no effect, and alert boxes only provide a temporary interruption.

The Buster Buster Buster.

Can you break the cycle and defeat the tenacious frame-busting buster? One approach to neutralize the attacker's script is to target the setInterval() timer:

// Detect the attacker's script
var busterBuster = setInterval(function() {
  if (prevent_bust > 0) {
    // Bust the buster
    clearInterval(busterBuster);
    prevent_bust = 0;
  }
}, 1);

This script:

  • Regularly checks for the presence of the attacker's timer.
  • When the timer is detected, it clears the timer, resetting prevent_bust to 0.
  • This action effectively breaks the cycle and prevents the attacker's script from continuing to execute.

Conclusion.

While the frame-busting buster was a formidable challenge, the buster-buster-buster demonstrates the resilience and adaptability of JavaScript programmers. By carefully analyzing the attacker's code and leveraging knowledge of JavaScript's features, we can overcome even the most complex threats.

The above is the detailed content of How Can We Defeat a Frame-Busting Buster That Uses `setInterval` and `onbeforeunload`?. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn