seany123 Posted September 4, 2012 Share Posted September 4, 2012 Is is possible to embed an Iframe inside another Iframe so the 2nd Iframe thinks the referer is the first Iframe? EG. <iframe src='http://www.google.com'> <iframe src='http://www.phpfreaks.com'></iframe> </iframe> if not how else could i go about doing this? Quote Link to comment https://forums.phpfreaks.com/topic/268003-how-to-embed-an-iframe-in-another-iframe/ Share on other sites More sharing options...
Jessica Posted September 4, 2012 Share Posted September 4, 2012 http://forums.phpfreaks.com/index.php?topic=200925.0 Quote Link to comment https://forums.phpfreaks.com/topic/268003-how-to-embed-an-iframe-in-another-iframe/#findComment-1375255 Share on other sites More sharing options...
seany123 Posted September 4, 2012 Author Share Posted September 4, 2012 http://forums.phpfreaks.com/index.php?topic=200925.0 thanks for your reply, i followed that rule already.... the title says "how" and... if not HOW else could i go about doing this? Quote Link to comment https://forums.phpfreaks.com/topic/268003-how-to-embed-an-iframe-in-another-iframe/#findComment-1375260 Share on other sites More sharing options...
Jessica Posted September 4, 2012 Share Posted September 4, 2012 *headdesk* Quote Link to comment https://forums.phpfreaks.com/topic/268003-how-to-embed-an-iframe-in-another-iframe/#findComment-1375261 Share on other sites More sharing options...
Jessica Posted September 4, 2012 Share Posted September 4, 2012 What you're describing doesn't make sense. No, you can't have an iframe within an iframe. Quote Link to comment https://forums.phpfreaks.com/topic/268003-how-to-embed-an-iframe-in-another-iframe/#findComment-1375263 Share on other sites More sharing options...
seany123 Posted September 4, 2012 Author Share Posted September 4, 2012 thats why i was asking if it was possible... i didnt know if it could be done or not, are there any more ways to change the referer? Quote Link to comment https://forums.phpfreaks.com/topic/268003-how-to-embed-an-iframe-in-another-iframe/#findComment-1375272 Share on other sites More sharing options...
Jessica Posted September 4, 2012 Share Posted September 4, 2012 That's a much more sensible question. Quote Link to comment https://forums.phpfreaks.com/topic/268003-how-to-embed-an-iframe-in-another-iframe/#findComment-1375273 Share on other sites More sharing options...
seany123 Posted September 4, 2012 Author Share Posted September 4, 2012 Any idea for how i can "spoof" the referer then? Quote Link to comment https://forums.phpfreaks.com/topic/268003-how-to-embed-an-iframe-in-another-iframe/#findComment-1375301 Share on other sites More sharing options...
ignace Posted September 5, 2012 Share Posted September 5, 2012 Here's an article describing divers methods to hide the referrer. http://lincolnloop.com/blog/2012/jun/27/referrer-blocking-hard/ Quote Link to comment https://forums.phpfreaks.com/topic/268003-how-to-embed-an-iframe-in-another-iframe/#findComment-1375380 Share on other sites More sharing options...
.josh Posted September 5, 2012 Share Posted September 5, 2012 Is is possible to embed an Iframe inside another Iframe so the 2nd Iframe thinks the referer is the first Iframe? iframes will show the immediate parent page as the referring URL. So to answer your question exactly, if you have iframe content within iframe content, yes, that inner iframe will show the iframe as the referring URL. However, I suspect what you may really mean is, "Is there a way to make the 2nd iframe think the referrer is the top/parent page?" And the short answer is no. The more complicated answer is no, there's no way to make it think the referring url is the parent page, but you may possibly be able to find out that parent url, if the iframed page you want to act on, is on the same domain as the parent domain. Basically you will run into XSS issues if on different domains. But if the pages are on the same page, you can work your way up the DOM ladder to the parent page and get the url (or in case the "middle-man" iframe is diff domain, you can do top.location.href on the inner iframe). But if the inner iframe page is on different domain than the top page, only way to find that out, is to explicitly pass the top URL as a query string param to each iframe src attrib and grab it from there. In any case, this: <iframe src='http://www.google.com'> <iframe src='http://www.phpfreaks.com'></iframe> </iframe> ...is not possible, that's not how iframes work. The stuff you put between an iframe tag only gets rendered if iframes are disabled or are otherwise not renderable in the browser. Basically it's the equivalent of a noscript tag, used to show alternate content in the event that the iframe will not render. Example: <iframe src='http://www.google.com'> sorry, your browser doesn't support iframes! </iframe> This will attempt to load the contents of google.com on your page (within the iframe boundary...normally you specify height and width attribs in the tag...). But if for some reason your browser hates iframes, it will instead show that "sorry, your browser doesn't support iframes!" message. Here is an example of how a real iframe-within-an-iframe works. Make 3 pages: test.php hello from page 1! <br/> <iframe height='50%' width='50%' src='test2.php'></iframe> test2.php hello from page 2! <br/> referring url: <script type='text/javascript'> document.write(document.referrer); </script> <br/> top url: <script type='text/javascript'> document.write(top.location.href); </script> <br/> <iframe height='50%' width='50%' src='test3.php'></iframe> test3.php hello from page 3! <br/> referring url: <script type='text/javascript'> document.write(document.referrer); </script> <br/> top url: <script type='text/javascript'> document.write(top.location.href); </script> This will output something like this: In this example, all pages are on the same crayonviolent.com domain, so you can see the both referring and top url values. But lets say the pages were located at: site1.com/test.php site2.com/test2.php site3.com/test3.php You will still see document.referrer showing the url the script was included on, but the top url will no longer work. It will either display nothing or undefined depending on the browser, and you will see an access denied error thrown (XSS). But you can do for example: site1.com/test.php site2.com/test2.php site1.com/test3.php Since test3 and test are both on the same domain, you will be able to get the top url. Quote Link to comment https://forums.phpfreaks.com/topic/268003-how-to-embed-an-iframe-in-another-iframe/#findComment-1375508 Share on other sites More sharing options...
seany123 Posted September 6, 2012 Author Share Posted September 6, 2012 Thank you for your great reply lots of good information which im sure i can make good use of, it seems that the only way to hide the referring URL is if you have control of the files on the domain, this method wouldn't obviously work on domains which i don't own eg. PHPfreaks i was thinking maybe it could be possible to reload another URL on the same Iframe, would that work to give a different referrer URL Quote Link to comment https://forums.phpfreaks.com/topic/268003-how-to-embed-an-iframe-in-another-iframe/#findComment-1375805 Share on other sites More sharing options...
Jessica Posted September 6, 2012 Share Posted September 6, 2012 Whatever site you are trying to trick probably has a rule against this. If what you were trying to do was allowed, they would have an easy way for you to do it. Quote Link to comment https://forums.phpfreaks.com/topic/268003-how-to-embed-an-iframe-in-another-iframe/#findComment-1375806 Share on other sites More sharing options...
seany123 Posted September 6, 2012 Author Share Posted September 6, 2012 Im not personally trying to trick any websites, i have a client who is wanting to change the referrer and has asked if i can get it done, sorry to be blunt and i don't wish to be rude but im needing help and none of your posts thus far have actually been of any help, if your not able to actually contribute to my problem then i think it would be best you didn't post. Quote Link to comment https://forums.phpfreaks.com/topic/268003-how-to-embed-an-iframe-in-another-iframe/#findComment-1375811 Share on other sites More sharing options...
.josh Posted September 6, 2012 Share Posted September 6, 2012 Okay well in my head, "hide the referrer" and make it "thinks the referer is the first Iframe" (from OP) are two different things. If you want to "hide" or obfuscate the referring URL from the target page, the bottom line is there is no elegant, 100% way to do this (see ignace's post for a link to what you can do). Quote Link to comment https://forums.phpfreaks.com/topic/268003-how-to-embed-an-iframe-in-another-iframe/#findComment-1375847 Share on other sites More sharing options...
seany123 Posted September 6, 2012 Author Share Posted September 6, 2012 Okay well in my head, "hide the referrer" and make it "thinks the referer is the first Iframe" (from OP) are two different things. If you want to "hide" or obfuscate the referring URL from the target page, the bottom line is there is no elegant, 100% way to do this (see ignace's post for a link to what you can do). yes sorry, what im trying to do is make the referrer look like its coming from somewhere else eg google.com, i have read that article and i will read through it again, im thinking that this maybe isnt possible. Quote Link to comment https://forums.phpfreaks.com/topic/268003-how-to-embed-an-iframe-in-another-iframe/#findComment-1375863 Share on other sites More sharing options...
xyph Posted September 6, 2012 Share Posted September 6, 2012 Okay well in my head, "hide the referrer" and make it "thinks the referer is the first Iframe" (from OP) are two different things. If you want to "hide" or obfuscate the referring URL from the target page, the bottom line is there is no elegant, 100% way to do this (see ignace's post for a link to what you can do). yes sorry, what im trying to do is make the referrer look like its coming from somewhere else eg google.com, i have read that article and i will read through it again, im thinking that this maybe isnt possible. It's not. You're trying to change client-side behaviour with server side scripting. Even client-side code can't or shouldn't be able to do this. Messing with those kinds of headers could be a security risk. Quote Link to comment https://forums.phpfreaks.com/topic/268003-how-to-embed-an-iframe-in-another-iframe/#findComment-1375867 Share on other sites More sharing options...
Christian F. Posted September 6, 2012 Share Posted September 6, 2012 seany: The only way to spoof the referrer header, is to control the client which is sending the request. So your client can do this on his own computers, but not on those who are visiting the site. As Xyph stated: The server cannot do anything with the client, as it would have been a major security risk. That said: What he's trying to do sounds really dubious, and possibly part of something that can be illegal. I don't see any legit reason for why he wants the headers spoofed. As for the possible security risk, Xyph, I do hope that you agree with me in that anyone relying upon the referrer header for security is doing something wrong? My web clients don't even send this header normally, as it's purely an informative header and easily spoofed. Quote Link to comment https://forums.phpfreaks.com/topic/268003-how-to-embed-an-iframe-in-another-iframe/#findComment-1375892 Share on other sites More sharing options...
xyph Posted September 7, 2012 Share Posted September 7, 2012 Those kinds of headers. Not that header in particular. Quote Link to comment https://forums.phpfreaks.com/topic/268003-how-to-embed-an-iframe-in-another-iframe/#findComment-1375902 Share on other sites More sharing options...
.josh Posted September 7, 2012 Share Posted September 7, 2012 2 legit use cases, both SEO related: 1) When you link to another site, you are giving that site "power" in search engine rankings. Search engine bots crawl your site and see links to xyz.com and it increase's xyz.com's rankings. To an extent, it also hurts your ranking, because it puts you more into "middleman" territory, which is BAD, especially since link exchange/farms sites utterly ruined that territory for everybody else. In short, you are flagging yourself as a site that is NOT the ultimate goal of a surfer, when performing a query, which is a huge part of moving up natural search rankings. 2) You don't want other sites looking at who is referring to them...and then selling spamming the fuck out of you, or selling your info to other sites who will happily spam the fuck out of you. Also, they will see that traffic comes from you and adjust their own SEO efforts accordingly. Bid on some keywords more directly related to you, even if they don't necessarily relate to them. This can hurt you because a) you could be bidding on those same keywords, b) it may moreso pit you against them in natural search rankings. In short, websites will happily step on other websites to gain higher ground, and this sort of thing is you bending over and holding out your hands to hoist them up. Is it "bad practice" to do this? Not necessarily. Afterall, that is kind of why the "no follow" thing was added. The problem is, it doesn't really stop #2 from happening. Quote Link to comment https://forums.phpfreaks.com/topic/268003-how-to-embed-an-iframe-in-another-iframe/#findComment-1375918 Share on other sites More sharing options...
xyph Posted September 7, 2012 Share Posted September 7, 2012 That's one of the reasons I leave SEO to other people. It's disgustingly predatory, and something I don't want to bother competing against. User-generated content aside, it's very easy to prevent links going to the kind of sites that will dick you around. Even with user-generated content, it's quite easy to build a list of external URLs in the content and keep an eye out for bogus links (almost always from bogus users). nofollow helps with this as well. Stack Exchange links to external articles in nearly every post, yet the are constantly at the top of search results. I don't think screwing with the way your user's browser behaves is a solution to someone poisoning your content. Quote Link to comment https://forums.phpfreaks.com/topic/268003-how-to-embed-an-iframe-in-another-iframe/#findComment-1375932 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.