How to ignore framebuster script

[Jesper Rønn-Jensen]

I'm accessing an internal legacy web application that has inline code
to make sure a frameset is loaded arround the page. Very annoying when
developing... and I don't have access to the source.

Do you know of a greasemonkey script that can ignore a framebuster.
The challenge (for me, at least): It's inline javascript in the HTML
file, and it uses location.href for the redirect.

I can't figure out how to make my browser ignore this... Any thoughts
and ideas?

THanks in advance,

Jesper Rønn-Jensen
www.justaddwater.dk

[Jesper Rønn-Jensen]

Forgot to send the actual code:

<SCRIPT Language="Javascript">
var url = 'xxxxxxx'
if (parent.frames[0]) {
if (parent.frames[0].name != 'FrameMain') {
document.location.replace(url);
}
}else{
document.location.replace(url);
}
</SCRIPT>

[Tom Most]

In Greasemonkey there's no way to modify inline JavaScript before it
runs. If you really need this functionality, it is present in Opera's
User Script implementation.

--Tom

[Jesper Rønn-Jensen]

Thanks Tom.
I'll give it a try to see if I can figure it out how to do it with
Opera

[esquifit]

You do not need GM nor Opera for this task. Firefox comes with a
built-in capability for allowing/disallowing access to
properties/methods of DOM Objects on a per-site basis. It is called
Configurable Security Policies (CAPS) and it is described in [1].
Further examples and explanations are provided for example in [2] and
[3].

A short guide assuming the simplest case:

1) Close Firefox
2) Locate your profile folder [4]
3) Locate the file user.js within this folder. If it does not exist,
create it with a *text* editor (Notepad, vim, etc.), not with a 'word
processor' (MS Word, OpenOffice.org, Wordpad, etc.)
4) Add the following lines to user.js:

user_pref("capability.policy.policynames", "noframebuster");
user_pref("capability.policy.noframebuster.sites",
"http://www.annoying-site.com");
user_pref("capability.policy.noframebuster.Location.replace", "noAccess");

Of course, you will have to replace the domain with the one you want
to prevent from redirecting your frames.

5) Start Firefox.
6) Navigate to the above site and check that the location.replace hack
has been disabled. This affects only this domain and only this object
(the 'replace' method of the 'Location' DOM Object).

Please read carefully the informations about CAPS. Note in
particular, that there can be at most one line
user_pref("capability.policy.policynames", ...);
and be sure to understand how user.js and prefs.js work and how they
relate to each other.

Extra hint: in order to know the class name of a given object (in our
case 'Location' is the class name of the location object) just get a
reference X to a instance of the object in a script and look at
X.constructutor.toString(). For example:

alert(window.location.constructor.toString() ) ---> [Location]
alert(document.getElementsByTagName('A')[0].constructor.toString() )
--> [HTMLAnchorElement]
etc.

hth
e.

[1] http://www.mozilla.org/projects/security/components/ConfigPolicy.html
[2] http://kb.mozillazine.org/Security_Policies
[3] http://kb.mozillazine.org/Allowing_only_certain_sites_to_use_JavaScript#Manual_configuration
[4] http://www.mozilla.org/support/firefox/profile#locate

[Jesper Rønn-Jensen]

Esquifit:

Thanks for the tip. Will close my firefox immediately and try it

/Jesper