JavaScript iframe busting

Question

In certain conditions, I have a web page that gets opened in an iframe. When it's loaded into that iframe, I need it to set the window location to a resource to download a file (all of this in an attempt to make an update for a GreaseMonkey script... all legit, btw). Unfortunately, when I do:

top.location.href = "http://userscripts.org/...";

I get an error stating that top is null. when using "window" in place of "top", firefox loads my script text into the iframe, but GreaseMonkey is unable to detect it as an update for some reason. Is there another method to setting the window's location that I've missed somehow?

Edit: The users of my script visit a specific business's page (first). My script is loaded into that page using a firefox plugin called GreaseMonkey. My script creates an iframe on the visited page, and loads my page (second) into that iframe. GreaseMonkey then loads my script onto my page, which checks a value on my page to see if the script has been updated. If the script has been updated, I need to navigate my users away from the site that they originally visited (noted as "first"), and to another (third) site (userscripts.org). Hopefully this clears up some confusion.

Answer 1

The two locations must have the same host name (domain). You might want to be using parent instead of top.

Answer 2

You could try the following (adapted from something I use):

function checkWebPage() {
    try {
        if (top != self) {
            top.location.href = "http://userscripts.org/...";
        } else {
            self.location.href = "http://userscripts.org/...";
        }
    } catch (e) {}
}

Answer 3

I worked several times with iframe, and I found it was safer to work with the state of the document. I will pass a code with an example.

In this example I'm using jQuery, but is not necessary for functionality.

<head>
<script>
(function($) {
 $.documentCtrolState = function(d,f,t)
 {
    try{
      t=(typeof(t)=="undefined")?100:t;
      if (d.readyState=="complete") //the document has been completely loaded, successfully or unsuccessfully
         f(true);
      else
         setTimeout(function(){$.documentCtrolState.call(this,d,f,t);}, t);
    }catch(ex){
         f(false, ex);
    }
 };
})(jQuery);

$(function(){

   $myIframeRef = $(document.myIFrame);
   $myIframeRef.attr("src", "mypage.php");

   $.documentCtrolState($myIframeRef.window.document, ThenLoadIFrame, 100);

});

ThenLoadIFrame = function(state, ex)
{
   alert("State " + state);
}


</script>
</head>
<body>
<iframe src="" id="myIFrame"></iframe>
</body>

Answer 4

I finally found that GreaseMonkey offers a function "GM_OpenInTab(url)" which opens a new tab in firefox with the specified url. This allows my iframe to open a new tab with the location of the updated script for GreaseMonkey to update. While this isn't exactly the solution I was looking for, it works seamlessly with no errors.

GM_openInTab("http://userscripts.org/...") ;

Thanks to everyone for your input. It's possible that GreaseMonkey somehow sandboxes scripts to prevent that sort of behavior which could be used for malicious purposes.

~md5sum~

Answer 5

This is really lame.

var setloc = unsafeWindow; while (setloc.parent && setloc.parent != setloc) setloc = unsafeWindow.parent; setloc.location.href=url;