Blocking iframes

Discussion in 'other software & services' started by Gullible Jones, Feb 21, 2013.

Thread Status:
Not open for further replies.
  1. A lot of malware seems to be spread by iframes embedded hostile content; and off the top of my head, I can count one single website I know of that uses iframes legitimately (that would be WineHQ). I'm thinking it would be high time to start blocking these things.

    I figure Privoxy should be able to do the job easily, for HTML iframes on plain HTTP pages... But what about JS generated iframes?

    Alternatively, for browser-based blocking - I know Firefox/Noscript can handle this, but what about other browsers? Chrome? Opera? IE?
     
  2. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,984
    Location:
    Canada
    If you have Pro version or higher of Windows...

    Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Launching applications and files in an IFRAME

     

    Attached Files:

  3. sm1

    sm1 Registered Member

    Joined:
    Jan 1, 2011
    Posts:
    520
    So if we answer the query by internet explorer correctly we will be safe from malicious iframes right?
     
  4. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Opera lets you control frames globally:

    opera_frames.jpg

    and per site:

    opera_frames2.jpg

    ----
    rich
     
  5. JeffreyCole

    JeffreyCole Developer

    Joined:
    Dec 29, 2012
    Posts:
    433
    Ad Muncher handles this well.

    It blocks many forms of malicious iframes, even ones generated by scripts but without causing any collateral damage.

    I.E. the sites you want to work, will work, but you'll be protected at the same time.
     
  6. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Quite a few sites I frequent, use them. Here is time.com:

    opera_iframes.gif


    ----
    rich
     
  7. Thank you very much for the answers. :)

    Edit: NY Times works for me without iframes in Opera. Maybe because I don't have a subscription? Or maybe because they only use them for ads...
     
    Last edited by a moderator: Feb 22, 2013
  8. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    I turned off i-frames on time.com and two advertisements and several banners did not display. Everything else is functional. The banners are for content on other parts of the web site.

    All of these i-frames are loaded via a script, so when I disable javascript on time.com, the i-frames don't display, even though turned on in the site Preferences.


    ----
    rich
     
  9. Hmm. Is it possible to block JS-based iframes in Adblock Plus?
     
  10. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,875
    As per the example by Rmus in post #4, I tried those settings and Ghostery doesn't work, even after I allowed javascript for individual sites.

    So I have allowed, globally. A risk, no doubt! ;)
     
Loading...
Thread Status:
Not open for further replies.