You want people to visit your site rather than be hijacked by the Digg bar? Here’s how. Digg updated their site to keep you on it. Basically all links now are served within an IFRAME and links are given as hashed Digg URLs …

Edit: WordPress Frame Breaker plugin now available here.

remove the Digg bar from your site

Remove Digg bar from your website

Digg for freedom?

Years back, aeons in internet time (gah can’t believe I wrote that), people used frames so that a single website navigation page could be used. This also meant you could hijack other peoples content and serve it within the frames on your website. This, or something very like it, worked then and still works now to get out of other peoples frames (aka “frames jailbreaking” back in the day):

window.onload = function() {
if (top.location != location) {
top.location.href = document.location.href ;
}
}

Google Images has been framing pages for a long time, now Digg (and others) are getting in on the act as it keeps you under the control of the parent frame. Indeed if a website wishes they can even issue countermeasures (below) to prevent the current technique .. but don’t tell Digg, please!

Only get out of other people’s jails

You can if you prefer serve the frame breaker javascript only to pages accessed from outside your site, eg by sniffing the referer header. This is what I’m doing on this site, applying this to my header.php file in my template (I’ll try and make a plugin for it if there’s demand):

<?php
// frame breaker code for , eg, Digg, Google Images
// if the server name is not in the referer address field
// serve the javascript for frame breaking
if(!stristr($_SERVER[‘HTTP_REFERER’], $_SERVER[‘SERVER_NAME’])) {
echo ‘<script language=”javascript” type=”text/javascript”>
//<![CDATA[
window.onload = function() {
if (top.location != location) {
top.location.href = document.location.href ;
}
}
//]]>
</script>’;
}
?>

Works for Ow.ly too

Frame breakers work on Digg, Ow.ly (a URL shortener, try it: remove Ow.ly frame), Google Images, … Let us know where else you’ve found this useful.

Frame breaking countermeasures for evil webmasters

Unfortunatley there are a few ways.

First for IE. Microsoft Internet Explorer has a proprietary attribute called security setting this attribute to “restricted” means that the page loaded into the IFRAME can’t execute javascript (and presumably other things like ActiveX):

<iframe src=”http://example.com/page/” security=”restricted”></iframe>

Some call this framebreaker-breaker script (source). Basically it’ supposed to prevent execution of framebreaker code within the child frames, I’ve not yet tested this script, YMMV.

// Frame Breaker script:

function frame_breaker() {
if (top != self) {
top.location.href = location.href;
}
}

// Anti Frame Breaker script in script tags in head section of parent
function StopLoading() {
if (!document.all) {
window.stop();
} else {
window.document.execCommand(‘Stop’);
}
}

Then just add an onload event handler to the iframe in which your serving pages that may want to get out, like this:

<iframe onload=”StopLoading()” src=”http://www.someaddress.com”>

I’ve seen elsewhere an off-the-cuff remark that the parent frame (top) can set top = null and prevent the child frame from determining the browsers top frame href value. Again not tested this but it appears to be valid in concept, YMMV.

If you have any info about breaking the breakers of frame breakers (!) please let us know in the comments.

Problems with framebreaking

This code looks at the location of the top window and if needed reloads your page as the top window loaction. This means the page has to be retrieved from your server again. Caching should mean it’s quicker the second time however.

Visitors will see the page reload automatically and change in appearance. The uninitiated will probably be a bit put off by this.

For some sites a frame-wrapper is used when administrating and applying this sort of javascript will kill the ability of the admin code to wrap your site. This is reported to be the case for Blogger that uses a top bar, not unlike the Digg bar, for admin purposes.

The alternative – keep the Digg bar

you could just keep it

Your alternative is to reduce your sites stickiness and leave people on Digg. That may work out for you if you have a lot of Digg bait and find that visitors from Digg stick around.

Or not … If you’ve not got a lot of FAIL videos, lolcats and poorly conceived political ideas on your site then a Digg-er is likely to hit the “random” button on Digg and get whisked away.

Also, if (heaven forfend) that your content is lame but your linkbaiting is getting lots of people on to your site then reducing their exit options will likely improve your bounce rate and ad revenue.

If you’re bothered at all about SEO and getting more links to your website then you need this code – feel free to ask questions in the comments, I’ll be back later to answer them.