When compiling my “week in ColdFusion” blog posts for SitePoint, I sometimes come across JavaScript “frame-busting” scripts that drive me around the bend. Let me explain…
After a long time as a FeedDemon user, I switched to Google Reader. Much as I love FeedDemon’s smart interface, I found more and more that I needed all my browser-based toys (extensions, social bookmarking tools, etc) close by. Grabbing links that I had flagged in FeedDemon to open in Firefox was slowing me down. I subscribe to over 200 feeds, so getting through them all quickly is important.
Google Reader is great, and with the Better GReader Firefox extension it’s even better (haw haw). I’m particularly a fan of the Preview button the extension adds, which lets you open the full page inline in Google reader. It’s great when working with partial feeds, like those delivered by Fullasagoog and MXNA — I can quickly check out the full post without leaving the comfort of Google Reader.
But there’s one annoying and rude “feature” of some blogs that is causing me grief — JavaScript which, on page load, checks if the site is being framed by another, and if so, busts it out into the full window. This is annoying because when I use the preview function in Google Reader, sites with this script replace my current Google Reader window with the full site in question and I lose my place in what I was doing.
I can understand why people don’t want their content being framed by another site — but people, it’s 2008, you make the content in your feeds freely available and it gets repurposed in so many ways it’s not funny. Trying to control how a site is viewed is rude and pushy, as far as I’m concerned, and it’s making it hard for me to bookmark, Digg or otherwise share the content, which is to the site’s detriment. It goes against the open and flexible nature of the semantic web.
I do acknowledge this is partially a browser issue — my browser should stop rogue sites from misbehaving in ways I don’t like. Unfortunately neither Firefox 2 nor 3 offer this level of control, the Preview Greasemonkey script does not yet include this functionality (although it has been suggested) and using a JavaScript blacklist extension like YesScript on just offending sites stops my bookmarklet tools from working on these sites as well, which really defeats the purpose.
So let’s all share the love and drop the 1999-style frame-busting scripts. How about it?
March 25, 2008 at 2:19 pm
Ooooo… I’ve just installed that Better GReader Firefox extension and I’m lovin’ it.
My solution to sites that weren’t reader-friendly was nearly always to boycott them! There were a few essentials that I kept in a separate bookmark list which I would manually visit every few weeks but otherwise, I’d rather find another source. Which goes to show how important feeds are these days.
So I suspect it’s too much to ask for Google to implement this extension-hack officially (from a legal standing for a start)?
March 25, 2008 at 5:28 pm
Hey Dom, if you like Better GReader check out Better Gmail, Better Flickr and Better YouTube on the same site… they all rock. The second version of Gmail included a lot of the enhancements that were in the Better Gmail extension for version 1 of Gmail… so I think Google are watching and listening.
I wish I could boycott the sites that mess with my browser, but I can’t afford to miss out on the valuable contributions they make… hence this post!
March 25, 2008 at 8:41 pm
I’m one of “those guys”, so let me chime in with my reasons.
First off — I added the code to BlogCFC when I discovered my site being ripped off by someone else. This wasn’t someone using my feed, but using my content within their frames and earning money off of it.
You said: “you make the content in your feeds freely available and it gets repurposed in so many ways it’s not funny” The frame busting code is NOT in my feed content at all. You can browse my feed and the entry data in the feed (I share both a ‘full’ feed with full articles and a feed with abbreviated artciesl) without being “busted”. If you wish to view the entry on my blog, however, the frame busting code will run.
I may be the ‘edge’ case here, but my blog actually generates significant income for me — so I tend to be a bit overprotective about it. ;) I’ll take a look at Google Reader. It may be worthwhile to sniff for it and not bust it.
March 25, 2008 at 8:44 pm
Odd. I added my blog to Google Reader. All my links open in a new tab for me anyway –so the frame busting doesn’t even really apply.
March 26, 2008 at 8:39 am
Hi Ray,
Your site was one of the sites I was talking about, but not the only one. Interestingly, out of over 200 feeds, it’s only 2 — Fullasagoog and MXNA — that contain blogs with frame-busting scripts. So from a wide cross section of the blogosphere, it’s only CF peeps that do this.
As I mentioned in the post, I’m using the “Preview” Greasemonkey script (part of the Better GReader Firefox extension), not plain vanilla Google Reader, and I’m not subscribed directly to your feed, I read it in Fullasagoog and MXNA where full content is not provided. I would have no hope of keeping up with all the CF feeds if I didn’t use aggregators.
I think it’s a philosophy issue. One of the core concepts of accessibility is that you don’t know how or where your content will be accessed. My approach would be to deal with content-framing offenders individually rather than using a blanket approach that potentially inconveniences everyone.
However, I acknowledge I can’t change the world so I will have to change myself… err, change my browser, myself — I’m working on another Greasemonkey script at the moment to block frame-busting JS :)
Ray, your contributions to the CF community are valuable and I would be doing a disservice to my SitePoint audience if I didn’t include them in my “Week in CF” round-ups. I post because I care!
March 26, 2008 at 11:04 pm
I’ve removed the frame buster for now. It isn’t removed from BlogCFC code itself — I’ll have to think more on it, but for now, my blog is framable. Just don’t tell anyone. Shhhhhh.
March 27, 2008 at 12:19 am
Sir, you are a Jedi and a Gentleman :)
March 27, 2008 at 5:55 pm
@Raymond — from someone on lurking side of the ColdFusion community. Thankyou.
April 1, 2008 at 1:44 pm
The other side of the site-owner monetization issue is that it can impact your earnings directly. Some ad networks flag those framed calls to your content (and therefore the ad calls) and may dispute them. Others may not serve the ads at all. I was actually thinking about re-adding a frame busting script to my largest site. Why? Google Images is my biggest referrer each month, and they pull up your page in a frameset…
But overall, I totally agree with your sentiment on this one Kay. In the age of RSS, you really need to realize that your content is being consumed in tons of different ways. But I would never have guessed that such an on-site script would present a problem without reading your complaint either. Even though the means to being inconvenienced by it are fairly round-about (using a partial feed from an aggregator and Firefox extensions to augment an online service), the underlying points is good food for thought.
September 28, 2008 at 3:48 am
Unfortunately this behavior is about to become a whole lot more common. Due to click-jacking, it’s very possible many sites will implement frame-busting scripts in order to prevent this exploit…
That is unless browser vendors find a way to fix it, and I honestly don’t see how it can be done without breaking some of DHTML core.