how to force link from iframe to be opened in the parent window when iframe is not from same domain?

Question

I have Iframe on my page of another wesbsite. But when i click on any link inside iFrame. Browser moves user to that site. How i can restrict it? That user surfs complete inside on my page? Like it is done here. http://www.hidemyass.com/

note : The iframe and parent page are not the same domain .

Details:

Suppose i have my site http://www.example.com and here after getting credentials, I want to open facebook.com in an iframe and user surfs facebook without moving to facebook.com on clicking any link.

PS. I used facebook.com just as example. I am asking it for any website.

Answer 1

To do what http://www.hidemyass.com/ is doing is impossible with just javascript, because javascript is client side. This site likely acts as a server proxy... almost, which means it requires server side communication (probably). (Likely the reason they're asking for money because they handle the traffic) You will likely need AJAX to do this which requires a server with some ability to handle and access other servers without restriction. Any free server will not do this easily and often have a policy on servers that they track communications to. So you are likely to have to pay somebody, if you aren't already. this is cheep if it's just you but the more traffic the more expensive.

That said, you can see if what sandbox mode offers is right for you.

<iframe sandbox><iframe>

To re-enable features add them to sandbox pramiters

• (no value) - - - - - - - - - - - - - - - -Applies all restrictions
• allow-forms - - - - - - - - - - - - - - Re-enables form submission
• allow-pointer-lock - - - - - - - - - - Re-enables APIs
• allow-popups - - - - - - - - - - - - - Re-enables popups
• allow-same-origin - - - - - - - - - -Allows the iframe content to be treated as being from the same origin
• allow-scripts - - - - - - - - - - - - - Re-enables scripts
• allow-top-navigation - - - - - - - - Allows the iframe content to navigate its top-level browsing context

source: w3schools

<iframe sandbox="allow-forms"><iframe>

If that does not satisfy, play with onclick and onchange events to stop users from interacting. with clickable elements or moving to other pages.

<iframe onchange="function(){\
  document.getElementsByTagName("iframe"[0].src =\
  "http://facebook.com");\
}"></iframe>

or some kind of onclick prevent default.

It's not safe in the first place so why stop there.

Access the iframe.contentDocument and search and remove all <a ... </a> tags or just the ones you want. there is some kind of remove child method you can look up to do this. if you want to be more savvy you can compare href's an see if it belongs to a foreign site.

Answer 2

You can try the code from this post: How to add click event to a iframe with JQuery

I think may You can use the .live() jquery function but may be U cannot :) I browse in internet about this case and .live() doesn't work, but .bind() must work fine :)