
How to prevent linking to another http(s) website within the iFrame

Posts: 2
Topic starter
(@mos_dave)
New Member
Joined: 3 days ago

Hi Michael,

How can we block a call after page=// that starts with http or https

Any external URL after the domain must be blocked

So this must NOT be possible to reach.

https://extravestiging.nl/webshop/?page=//https://ipv4.icanhazip.com/

and another example

https://extravestiging.nl/webshop/?page=//https://www.tinywebgallery.com/blog/forum/recent

Please let us know how to block this linking to external URLs

Kind Regards,

Dave Everaers
Marti Orbak Software

4 Replies
TinyWebGallery
Posts: 923
Admin
(@admin)
Prominent Member
Joined: 16 years ago

Hi,

To prevent this you can specify key,url pairs. Not sure this is feasible to specify all your urls here. 

If you like a custom solution for this please contact me.

Best regards, Michael

Posts: 2
Topic starter
(@mos_dave)
New Member
Joined: 3 days ago

Hi Michael, 

We want a kind of whitelist.

The url is like:

https://bakkerboer.nl/webshop/?page=/assortiment

What we want to allow is:

?page=/assortiment
?page=/aanbiedingen
?page=/CheckoutShoppingCart
?page=/CheckoutSignOn
?page=/CheckoutOrderDeliveryMethod
?page=/CheckoutPickupLocation
?page=/CheckoutPickupDateTime
?page=/CheckoutPaymentMethod
?page=/CheckoutOrderSummary
?page=/CheckoutPaymentMollieAPI

And maybe more in the future.

With this whitelist we want to prevent loading other sites within the iframe

So this must NOT be possible:

https://bakkerboer.nl/webshop/?page=//https://www.tinywebgallery.com/blog/advanced-iframe

Kind Regards,

Dave Everaers

TinyWebGallery
Posts: 923
Admin
(@admin)
Prominent Member
Joined: 16 years ago

Hi, 

You can configure this already. You can specify key value pairs. If key=value then only these ones are allowed.

Does this solve your problem?

Best regards, Michael

TinyWebGallery
Posts: 923
Admin
(@admin)
Prominent Member
Joined: 16 years ago

It is actually the same setting:

You can map a URL parameter value pair to a URL or pass the URL directly which should be opened in the iframe. If you e.g. have a page with the iframe and you like to have different content in the iframe depending on a URL parameter, then this is the setting you have to use. You have to specify this setting in the following syntax "parameter|value|url", e.g. "show|1|https://www.tinywebgallery.com". If you then open the parent page with ?show=1, then https://www.tinywebgallery.com is opened inside the iframe. You can also specify several mappings by separating them by ','.

You should not use reserved words: https://codex.wordpress.org/Reserved_Terms

So page is not good.

So one example with 2 elements with "show" is

show|/assortiment|/assortiment,show|/aanbiedingen|/aanbiedingen

?show=/assortiment will then link to /assortiment only

Best regards, Michael
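
The lookup behind a "parameter|value|url" allowlist like the one described in this thread, as an added example. It is not code from the Advanced iFrame plugin or from either poster; the function names, the default page and the sample requests are assumptions made for illustration.

```php
<?php
// Added example; function names and the default page are hypothetical.

// Parse "parameter|value|url,parameter|value|url" into [param][value] => url.
// Assumes mapped URLs contain no ',' or '|', since those are the separators.
function parse_mappings(string $config): array {
    $map = [];
    foreach (explode(',', $config) as $entry) {
        $parts = array_map('trim', explode('|', $entry));
        if (count($parts) !== 3 || in_array('', $parts, true)) {
            continue; // skip malformed entries instead of guessing
        }
        [$param, $value, $url] = $parts;
        $map[$param][$value] = $url;
    }
    return $map;
}

// Return the configured URL for the request, or $default when no value
// matches exactly. The request value is only ever used as a lookup key;
// it is never copied into the iframe src itself.
function resolve_iframe_src(array $map, array $query, string $default): string {
    foreach ($map as $param => $values) {
        $given = $query[$param] ?? null;
        // is_string() rejects array input such as ?show[]=/assortiment;
        // isset() is an exact match, so "//https://..." and prefix or
        // path-traversal variants of an allowed value fall through.
        if (is_string($given) && isset($values[$given])) {
            return $values[$given];
        }
    }
    return $default;
}

// Constructed sample configuration and requests.
$map = parse_mappings('show|/assortiment|/assortiment,show|/aanbiedingen|/aanbiedingen');
$requests = [
    ['show' => '/assortiment'],
    ['show' => '/aanbiedingen'],
    ['show' => '//https://www.tinywebgallery.com/blog/advanced-iframe'],
    ['show' => '/assortiment/../other'],
    ['show' => ['/assortiment']],
    [],
];
foreach ($requests as $query) {
    $shown = json_encode($query, JSON_UNESCAPED_SLASHES);
    printf("%-72s => %s\n", $shown, resolve_iframe_src($map, $query, '/assortiment'));
}
```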

 
