Hacker Newsnew | comments | show | ask | jobs | submit login

This particular bug is just as likely either way; the js must be changing window.location, there's no reason to think the iframe wouldn't change window.top.location.

IE and Chrome both have ways of restricting iframes from changing window.top.location, but I wouldn't trust them to work.

    <iframe src="http://example.com" security="restricted"></iframe>

    <iframe src="http://example.com" sandbox></iframe>


Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact