Member Avatar for kacprek

The problem is as follows. When I enter to some page from my site clicking the link (FF browser), I am redirected to an unwanted site. And some window pops-up where you can choose whether to stay or leave the site. When you click I want to stay, the window pops-up over again. This happens because the site have built in the following script:

var exit=true; window.onbeforeunload = function () {
var goto_url = 'http://some site';
if(exit==true){
exit=false; window.location.replace(goto_url);
return " Special Offer: Get 2 For 1 Price!"; } }

This not happens when I use IE8 browser, then everything is all right. Is there possible any solution in javascript code? Otherwise, can I block unwanted redirecting when enter to external site. I thing this must be some bug associated with FF browser.

Can somebody Help me with this problem, because I tried to find solution everywhere wihtout no luck.

“NoScript” extension is not best solution for me because I want to implement some code on my own site and prevent my users with that redirecting. Is there any other way?

thanks

  • 2 Contributors
  • 10 Replies
  • 308 Views
  • 6 Days Discussion Span
  • Latest Post Latest Post by kacprek
Member Avatar for Taywin

Try "Grease Monkey"? Also, you need to override the function in "window.onbeforeunload". If your site got redirected (hijacked), you need to clean your site now. Also, check all your code for vulnerabilities. PHP page is usually easy to XSS which results in adding malicious content to the page.

Member Avatar for kacprek

Ok, but "Grease Monkey" is working for those who got installed that extention.
I need to prevent redirect for all user that will click into the link (on my site) which is lead to external site. This problem is more much complicated.
I believe there is any solution for this.
For example, this script makes it impossible to redirect after clicking on the link to the external site. User just stay on my site when the external site try do redirect.

<script type="text/javascript">
    var prevent_bust = 0  
window.onbeforeunload = function() { prevent_bust++ }  
setInterval(function() {  
  if (prevent_bust > 0) {  
    prevent_bust -= 2
    window.top.location = 'my site.html' 
    // replace your iframe with link to it
  }  
}, 1)

</script>

So it is possible to control somehow behavior of the external site.
Now I need some modification in this script,which makes instead redirection to unwanted site, allow me to reach right one.

One more thing. The problem is that the site with this script,

var exit=true; window.onbeforeunload = function () {
    var goto_url = 'http://some site';
    if(exit==true){
    exit=false; window.location.replace(goto_url);
    return " Special Offer: Get 2 For 1 Price!"; } 
}

shouldn't redirect when I enter the site, but when I leave her.
So I'm not understand this behavior, but I need to do something, just hack this somehow.

Edited by kacprek because: n/a
Member Avatar for Taywin

Hmm... I think I misunderstand your purpose here... Let me reread the whole thing again and think a bit more... Maybe someone get to it before me. :)

So you are saying that your site contains many frames that display content from other URL (not yours)? And you want to prevent redirecting if a user click on a link inside the "frames" that will redirect the page???

Edited by Taywin because: n/a
Member Avatar for kacprek

Do not suggest this part of code

window.top.location = 'my site.html'
// replace your iframe with link to it

because I applied this code due to lack of other solutions.
I do not use frames, but if I need I'll do it.
I explain it again. I build my advertising website. On this side there are some affiliate links. Those links lead to another external site. From one side I have a little problem.
When I try to click a link leading to this site, the script inside that site causes redirecting to unwanted hidden site, and the window pops up with question (do you want leave or stay). When I click the leave button, window pops up with the same question again and again. Sometimes when I click many times I can manage enter to the right site.
That problem is not happen when I use internet explorer (ie8).
The problem occurs when I use FF version 6 and above.
I do not know the source of the problem, but I want that my users enter the site without these difficulties.
So I need some script which will cause the open right site.
One more thing. As already I enter once the right site, the problem disappears unil I delete all cookies (The problem is back again.

Finaly I can implement some php script if I need.

Member Avatar for kacprek

No one has more suggestions about this topic?

Member Avatar for Taywin

Hmm... Nope... The problem is still unclear. I understood that you have only advertising links in your page. Once a user clicks on one of those advertising link, the browser will attempt to go to the site. When this happen, your site will pop up a window asking whether or not the user wants to leave the page to go to the URL. If the user does not allow, it does nothing. Otherwise, it will redirect the page and go to the link. However, certain sites will attempt to redirect to another URL which causes your pop up window popping up non-stop. Right?

Now, my question is how do you control the link? Do you use an anchor tag? If so do you add onClick event to it?

If you are using JavaScript to control the link, you could actually use a span tag with format similar to an anchor tag. Then implement your own function to handle onClick. Use the confirm window to either accept the redirect or cancel to stay. Below is a sample I created. Don't know if it is what you are looking for...

<html>
<head>
  <style type="text/css">
  .fakelink {
    color: blue;
    text-decoration: underline;
    cursor: hand;  /* IE */
    cursor: pointer;  /* FF */
  }
  </style>

  <script type="text/javascript">
  function goTo(url) {
    var conf = confirm("Do you want to leave the site?")
    if (conf) {
      window.location = url
    }
  }
  </script>
</head>

<body>
  <h2>Sample Links</h2>
  <table style="width:90%">
    <thead>
    <tr>
      <th>Left</th>
      <th>Content</th>
      <th>Right</th>
    </tr>
    </thead>
    <tfoot>
    <tr>
      <td colspan="3" style="background-color:brown;color:cyan;font-weight:bold">Footer</th>
    </tr>
    </tfoot>
    <tbody>
    <tr>
      <td style="vertical-align:top;">
      blah<br />
      blah<br />
      blah<br />
      blah<br />
      blah<br />
      </td>
      <td style="width:70%">
      <h3>Content of whatever you want</h3>
      abcdefg hijglmnop<br />
      qrstuv wxyz<br />
      All alphabets!
      <br /><br />
      <h3>Repeat Content of whatever you want</h3>
      abcdefg hijglmnop<br />
      qrstuv wxyz<br />
      All alphabets!
      <br /><br />
      <h3>Repeat Content of whatever you want</h3>
      abcdefg hijglmnop<br />
      qrstuv wxyz<br />
      All alphabets!
      </td>
      <td style="vertical-align:top;">
      <span class="fakelink" onclick="goTo('http://www.wikipedia.org')">Site 1</span><br />
      <span class="fakelink" onclick="goTo('http://en.wikipedia.org/wiki/Spam_%28electronic%29')">Site 2</span><br />
      <span class="fakelink" onclick="goTo('http://en.wikipedia.org/wiki/Spam_%28food%29')">Site 3</span><br />
      <span class="fakelink" onclick="goTo('http://www.w3.org/html/')">Site 4</span><br />
      </td>
    </tr>
    </tbody>
  </table>
</body>
</html>
Member Avatar for kacprek

Let me clarify everything onece again.
On my site there are links as follow

<a href="http://join.site.com/signup/signup.php" target="_blank">signup site</a>

That site have build in that script inside ("join.site.com"):

var exit=true;
window.onbeforeunload = function () {   
var goto_url = 'http://fake_site.com';
if(exit==true){	
		exit=false;
 	window.location.replace(goto_url);   
 	return "   Special Offer: Get 23 Sites For 1 Price!";
}
}

When user is click my link "signup site" instead reach "join.site.com" he is redirected to a "fake_site.com"
and he can make choice with the window pops up (want live or not).
If he is lucky finaly he will be redirected to the right site ("join.site.com") if he will clicks a lot of times the "leave" button.
It is undesirable thing that occurs only in the FF browser 6.0 and higher (I don't know why).
The site admin don't know what's up, and nothing can do.

My question now is, if I can somehow prevent the redirecting to the fake site with any script?


For exemple this script can only make that users stay on my site, when external site causes redirection.

<script type="text/javascript">
    var prevent_bust = 0
    window.onbeforeunload = function() { prevent_bust++ }
    setInterval(function() {
    if (prevent_bust > 0) {
    prevent_bust -= 2
    window.top.location = 'my site.html'
    // replace your iframe with link to it
    }
    }, 1)
     
    </script>

But I want to reach "join.site.com" finaly.

Sorry for my bad english, and thanks for you interesting.

Member Avatar for Taywin

Err... What you are trying to fix is not really your problem. Besides, even though you could fix from your side, it will happen on others still. The real cause if from the site is being hijacked. The most possible reason is from XSS which has already injected malcontent of javascript to the page. This is very common for those who code web pages in PHP. It is very easy to find a loop hole in PHP page and inject malcontent via XSS.

The reason why it doesn't happen to IE because the script contains certain commands that do not work on IE; as a result, the redirecting script on the site stop working and let the page to go to the correct URL.

The site admin needs to clean the whole site and look for vulnerabilities from XSS as I stated in my earlier post. A simple way to check the malcontent of script is to disable JavaScript on your browser, and then go to the site. After that, use "view source" to get the content and compare it with the what supposed to be. Check this site http://ha.ckers.org/xss.html for various form of XSS attack. There could be more out there by now.

Member Avatar for kacprek

No this is not because xss attack. Redirected Page is from the same domain. The point is that the redirection should occur when user wants to leave the page (It is the author's intended purpose). Whereas this happens when the user enters the page from my link.
Anyway i found this php code which can filter outside sites

$page = file_get_contents('URL HERE');// use CURL if possible, this is not a good piece of code

echo strip_javascript($page, 0);// 0 = allow no javascript

function strip_javascript($filter, $allowed=0){
if($allowed&1 == 0) // 1 href=...
$filter = preg_replace('/href=([\'"]).*?javascript:.*?\\1/i', "'", $filter);

if($allowed&2 == 0) // 2 <script....
$filter = preg_replace("/<script.*?>.*?<\/script>/i", "", $filter);

if($allowed&4 == 0) // 4 <tag on.... ---- useful for onlick or onload
$filter = preg_replace("/<(.*)?\son.+?=\s*?(['\"]).*?\\2/i", "<$1", $filter);
return $filter;
}

But at this moment I don't know how to implement that in my situation.
I would like that it is javascript code rather than php.
Any more idea?

Thanks

Edited by kacprek because: n/a
Member Avatar for kacprek

I found more codes but I don't know what they do exactly.
For example:

<script type="text/javascript">
if(top != self) {
 top.onbeforeunload = function() {};
 top.location.replace(self.location.href);
}
</sript>
<script type="text/javascript">
<!-- 
if (parent != self  && !/^http:\/\/((www\.)|())my sit here\.pl/.test(top.location.href)) top.location.replace(self.location.href);
// -->
</script>
<script>
javascript:void(d=document);if(frames.length){alert('Script%20doesn/'t%20work%20in%20frames');}else{while((el=d.getElementsByTagName('script')).length){el[0].parentNode.removeChild(el[0]);};onerror=function(){};d.close();}
</script>
Edited by kacprek because: n/a
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.