On Thursday, January 30, 1997, The Wall Street Journal published an article, "'Framing' Muddies Issue Of Content Ownership" (Rebbecca Quick, B8), describing a new threat to web-content developers: "Framing." Framing is the obnoxious practice in which one website embeds another website within its own frames. This is, unless given permission by the copyright holder of the "framed" website, a violation of copyright laws.
Framing causes harm to the "framed" web-developer in a number of ways. In the simplest, and most common instance, the viewer of the framed website will often be mislead into thinking it a part of the website doing the framing. In and of itself, this might not be too horrible a problem, however, as is often the case, the site doing the framing has paid advertisements in its outer frames. By framing another website, the author of the frmaing site makes money (via advertisement) from someone else's work (the framed website) without permission or compensation. This is a major basis of copyright violation.
In a more damaging instance, the decreased screen "real estate" that the framed site is viewed in can often cause any advertisements that would normally be prominently displayed towards the bottom of the page to be "bumped" out of view. This reduces the value of the website and can lead to a loss of advertisers, and thereby a loss of income, for the author of the framed site.
And what if you want to be framed? If you don't have a problem with it? Well and good. However, in most instances, the website owners will not be asked if they mind having their websites framed. Enter JavaScript...
The simplest method of insuring that your JavaScript enabled browser is not framed (if the user's browser is capable of displaying frames, it will most likely be capable of supporting JavaScript) is to add the following snippet of code to the HEAD of your HTML document (that is, between the <HEAD>...</HEAD> tags):
<SCRIPT LANGUAGE="JavaScript">
<!--
function unFrame() {
if (self != top)
top.location.href = self.location.href;
}
// -->
</SCRIPT>
...and edit your BODY tag to look as follows:
<BODY onLoad="unFrame()">
For websites that do not plan on using frames internally, this method is simple and sufficient. The above solution, however, will not work for websites that use frames. The problem with the above solution is that the script does not check to see if the site that is framing it is from the same site (i.e. it is not being "framed") or from a different site (i.e. it is being "framed").
The second solution, while a bit more complex then the first, takes care of those problems that plague the first solution, namely, being able to use frames internally. The second solution is presented below with full comments included. Like the first solution, the JavaScript code should be added to the HEAD section.
<SCRIPT LANGUAGE="JavaScript">
<!--
///////////////////////////////////////////////////////////////////////////////
//
// Function unFrame:
// Called when webpage is being framed. Load current page into top-level
// window (unFrame).
//
///////////////////////////////////////////////////////////////////////////////
function unFrame() {
top.location.href = self.location.href; // unFrame
}
///////////////////////////////////////////////////////////////////////////////
//
// Function err_handler:
// Handles all errors due to JavaScript. The only error that is possible
// from this script is one in which top.location.hostname is unreadable
// which implies that it is not of this site. So react by UnFraming.
//
// This function and the following window.onerror statement MUST preceed
// the check_If_Framed() function definition.
//
///////////////////////////////////////////////////////////////////////////////
function err_handler (msg, url, line) { // Define the error handler
unFrame(); // unFrame() this page
return true; // Do nothing (disallow warning dialog)
}
window.onerror = err_handler; // Register the error handler
///////////////////////////////////////////////////////////////////////////////
//
// Function check_If_Framed:
// Checks to see if this webpage is being framed by checking if the top
// level frame's hostname (www.hostname.dom) is the same as the current
// page's hostname. If yes, do nothing. If no, react by UnFraming.
//
///////////////////////////////////////////////////////////////////////////////
function check_If_Framed() {
if (top.location.hostname == null) { // If being "framed"...
unFrame(); // unFrame() this page
}
}
//-->
</SCRIPT>
...and edit your BODY tag to look as follows:
<BODY onLoad="check_If_Framed()">
| [Section Index] | [Home Page] |