Hello!
I have many .html files. They contain unchanged information as: quarterly reports, annual reports, term of services,... I don't use PHP because of server load problem.
Most of them ( .html files) is inserted into
http://mydomain.com/index.php as iframe.
Recently, I found other websites "borrowing" my files into their iframe. I tried to make a barrier (using some JavaScript lines in .html files) and I failed.
An example my .html file: myreport.html
Code:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>My report</title>
<script type="text/javascript">
//var myID = location.hostname;
var myID = parent.window.location.href
var mydomain =/mydomain/gi;
var mymatch = myhref.match(mydomain);
if (mymatch==null || mymatch=='') {
alert('Please go to http://mydomain.com');
}
// or
if (location.href!=top.location.href) {
alert('Please go to http://mydomain.com');
}
</script>
<body>
.... (my report here)...
</body>
</html>
Everything was not OK as I expected. Alert didn't work when my .html files was inserted into orther sites. I tested with
mytestdomain.com and Firefox's Error Console (Ctr + Shift + J) said "
Error: Permission denied to get property Location.href Source File: http://mydomain.com/myreport.html Line: 10".
I think the browser prevent XSS access. So, JavaScript cannot get parent window URL from other domain. I could not explore which domain / site inserted my files with JavaScript.
My .htaccess file is too big. I don't want to you it.
Please help me using JavaScript to prevent others to get my .html files. I want to use JavaScript in these files.
Any suggestions or help will be appreciated. Thanks a lot.
Join the friendly bunch on IRC...
I cannot get domain / url from an html page
Linear Mode
