Rahul Arora

Break out of frame with JavaScript Framekiller

JavaScript Framebreakers

HTML frames have the capability to show one webpage embedded inside the other webpage. Sometimes this ability of frames gives advantage to external sites that put your sites in frames, paste their ads on the parent webpage and try to cash your hard-worked content. It is popularly known as Clickjacking.

It’s obvious, everyone would hate to see someone else earning conversions and clicks from their very own content.

If you don’t want your website to get misused like that, and you don’t want other people to put your site in their frames, you should make use of JavaScript Frame Breaking, also known as Framekiller aka Framebreaker aka Framebuster.

JavaScript Framebreakers

A Framebreaker script basically prevents frames from external websites to display the target website without permission, often as part of clickjacking attack. JavaScript Framebreaker script detects such clickjacking and breaks the frame when that external website is loaded and redirects the visitor to the target website.

You need to put the frambreaker script in the <head> section of your webpage, save the changes and leave the rest of the things on the script.

Classic older version of JavaScript Framebreaker

<script type="text/javascript">
  if(top != self) top.location.replace(location);

Above is the first version of JavaScript frambreaker which is simple, 3-line code. However, experts found this little script limited and propounded a new version in 2010.

Modern Framebreaker

The logic of the new Framebreaker script is to disable presentation (display) of the page by default and enable it only in top location.

<style> html{display : none ; } </style>
   if( self == top ) {
       document.documentElement.style.display = 'block' ; 
   } else {
       top.location = self.location ; 

However, I found the older one simple to use and implement, as I don’t want to mess up with the presentation. The modern Framebraker would create disasters in non-JavaScript browsers and keep on disabling the presentation of the webpage.

About the author

I'm Rahul Arora. I'm a Web developer, with expertise in CSS3, JavaScript, and WordPress. More about me →