URL masking in html

Sarah picture Sarah · Apr 14, 2014 · Viewed 10k times · Source

I have masked a URL in my html page as follows:

<head>
<base href="http://www.abc.com" />
<meta name="DESCRIPTION" content="">
<TITLE></TITLE>
</HEAD>
<FRAMESET ROWS="100%,*" frameborder="no" framespacing=0 border=0>
<FRAME SRC="https://www.xyz.com/login.htm" NAME="mainwindow" frameborder="no" framespacing="0" marginheight="0" marginwidth="0"></FRAME>
</FRAMESET>
<NOFRAMES>
</head>

The https://www.xyz.com/login.htm is an outsourced link and I do not have access to the source code. When the user clicks the login button on the page, the user is successfully logged in. On login a separate page is loaded user.htm. However, due to the masking applied (above), I see the masked URL even after login. I would like to view the original url once the user logs in. Can I prevent that?

EDIT: I got access to the login.htm file. It is now placed on my server. This file contains the login button which is not really a button but an image:

<input target="_top" type="image"  src="images/login-submit.png" align="middle" value="Connect" name="Connect"> 

Adding target="_top" to the button is not helping. How can I break out of the frame on clicking connect. Any pointers?

Answer

Quentin picture Quentin · Apr 14, 2014

Since the content is on another origin, you can't detect when the user has logged in from the frame page, so you can't do anything in response to the user logging in.

Since you have no access to login.htm (and presumably user.htm) you can't add target="_top" there either.

So no, you can't prevent it.