Javascript 如何阻止frame buster破坏WordPress自定义页面?
请看一个简单的framebuster:Javascript 如何阻止frame buster破坏WordPress自定义页面?,javascript,wordpress,framebusting,Javascript,Wordpress,Framebusting,请看一个简单的framebuster: <script type="text/javascript"> if (top.location != self.location) { top.location = self.location.href; } </script> 如果(top.location!=self.location){ top.location=self.location.href; } 然而,它似乎工作得太
<script type="text/javascript">
if (top.location != self.location) {
top.location = self.location.href;
}
</script>
如果(top.location!=self.location){
top.location=self.location.href;
}
我对这两种解决方案都很满意,但我不知道如何实现它们。任何帮助都将不胜感激。因此显然top.location有一个名为pathname的字段,其中包含不带域的URL。通过检查该字段,我可以排除特定的管理员页面
<script type="text/javascript">
function parentIsEvil(parent) {
var html = null;
try {
var doc = top.location.pathname;
} catch(err){
// do nothing
}
console.log(doc);
return(doc != "/wp-admin/customize.php");
}
console.log(canAccessParent());
if (top.location != self.location && parentIsEvil()) {
top.location = self.location.href;
}
</script>';
函数parentIsEvil(父级){
var html=null;
试一试{
var doc=top.location.pathname;
}捕捉(错误){
//无所事事
}
控制台日志(doc);
返回(doc!=“wp admin/customize.php”);
}
log(canAccessParent());
如果(top.location!=self.location&&parentIsEvil()){
top.location=self.location.href;
}
';
更新:我添加了检查跨域并捕获任何错误的解决方案。您可以使用
wp\u customizeis\u user\u logged\u in<?php if ( ! ( isset( $_GET[ 'wp_customize' ] ) && is_user_logged_in() ) ): ?>
<script type="text/javascript">
if (top.location != self.location) {
top.location = self.location.href;
}
</script>
<?php endif; ?>
如果(top.location!=self.location){
top.location=self.location.href;
}
(top.location!=self.location&&top.location.href!='http://www.example.com/page.html“)