Break Out of iframe

if (top.location!= self.location) {
   top.location = self.location.href;
}

That will generally work, but there is a small chance of failure in the case that window is overridden. Here's a couple of clever alternatives from Nathan Smith:

<script>

// Break out of an iframe, if someone shoves your site
// into one of those silly top-bar URL shortener things.
//
// Passing `this` and re-aliasing as `window` ensures
// that the window object hasn't been overwritten.
//
// Example:
//   var window = 'haha, punked!';
//
// Note: Probably unnecessary, but just for kicks.

(function(window) {
  if (window.location !== window.top.location) {
    window.top.location = window.location;
  }
})(this);

</script>
<script>

// A more cryptic one-liner, to awe & impress.
//
// No need to protect `window` since `this` is
// immutable, and at the topmost level means
// `window` anyways. Here, we compare locations
// on the left side of the "&&" and execute the
// code in parenthesis if that condition is
// true (top location isn't iframe location).
//
// Otherwise, nothing happens. It's basically an
// if statement without wrapping curly brackets.
//
// Weird, I know. But pretty cool, right? :)

this.top.location !== this.location && (this.top.location = this.location);

</script>

Comments

  1. User Avatar
    Zsitro
    Permalink to comment#

    Is there any way to prevent it? From the parent.

    • User Avatar
      Eru
      Permalink to comment#

      maybe if you try to dispatch the parent window.top, because it is only used by HTMLIFrameElement

  2. User Avatar
    The Fastest
    Permalink to comment#

    please, examples of blogs using an iframe

  3. User Avatar
    David
    Permalink to comment#

    Unable to get this to work on word press

  4. User Avatar
    Scott
    Permalink to comment#

    Will this result in registering two visits if I’m using Google Analytics to track it?

    If so, is there an alternate method that will allow the breakout, but not register two visits?

  5. User Avatar
    Miro
    Permalink to comment#

    This isn’t assured of working — setting the window.top.location can be bypassed (http://en.wikipedia.org/wiki/Framekiller#Framekiller_killers). Instead, you should set use the option detailed directly above that wikipedia section — only setting visible when it is detected that you aren’t in an iframe.

  6. User Avatar
    Dan
    Permalink to comment#

    Shouldn’t your first snippet be?:

    if (top.location!= self.location) {
       top.location.href = self.location.href;
    }
    

    When I tried it without the ‘href’ part, it caused a redirect, rather than just breaking out of the iFrame.

    • User Avatar
      Dan
      Permalink to comment#

      Sorry, ignore my last comment. It looks like it also does the reload with the “.href” added. Not sure why it appeared to do it without the reload when I first tried it with the “.href”! I should have done a bit more testing before posting my last post! Shame that it has to reload the page. Thanks for the info though.

  7. User Avatar
    Sagan Internet Marketing
    Permalink to comment#

    @Miro, you are actually not correct. That study is flawed. See my Wikipedia edits regarding this: https://en.wikipedia.org/wiki/Framekiller

    The solution presented here is the best option to kill frames.

  8. User Avatar
    Benjamin
    Permalink to comment#

    New with html5

    iframe sandbox=”allow-same-origin”

    Allows the iframe content to be treated as being from the same origin

    This worked well for me now lets see for how long.

Submit a Comment

Posting Code

You may write comments in Markdown. This makes code easy to post, as you can write inline code like `<div>this</div>` or multiline blocks of code in triple backtick fences (```) with double new lines before and after.

Code of Conduct

Absolutely anyone is welcome to submit a comment here. But not all comments will be posted. Think of it like writing a letter to the editor. All submitted comments will be read, but not all published. Published comments will be on-topic, helpful, and further the discussion or debate.

Want to tell us something privately?

Feel free to use our contact form. That's a great place to let us know about typos or anything off-topic.

icon-closeicon-emailicon-linkicon-logo-staricon-menuicon-nav-guideicon-searchicon-staricon-tag