Preventing child iframe from “breaking out of frame”

Question

I\'m doing some simple web integration work which I\'m accomplishing through use of an iframe. My main window has some javascript which interacts with my server to redirect

Answer 1

This is my first post so don't trash me if it doesn't work, but this fix seems to work for me in IE. Add security="restricted" to your frame.

example:

Edit: I found a better solution. That doesn't block scripts and doesn't require javascript. Try using sandbox="..."

• allow-forms allows form submission
• allow-popups allows popups
• allow-pointer-lock allows pointer lock
• allow-same-origin allows the document to maintain its origin
• allow-scripts allows JavaScript execution, and also allows features to trigger automatically
• allow-top-navigation allows the document to break out of the frame by navigating the top-level window

Top navigation is what you want to prevent, so leave that out and it will not be allowed. Anything left out will be blocked

ex.