unintended reloading of iframe over google image result pag

[mgt220]

This happens when I search at images.google.com
for images of "Jes Macallan" and click on one of the
results from zimbio.com ; most of the other source
pages cause no "surprises" .

I originally wrote this problem description about 2
months ago , but things haven't changed ... even
though both Firefox and noScript versions have .

In these cases , NEITHER google.com NOR zimbio.com
has my permission to execute scripts in noScript .
And I have checked "warn me when websites try to redirect ..."
on the Firefox ( Tools | Advanced | General ) tab ...
So I EXPECT that no automatic reloading will occur .
However , sometimes it does ...

I should note here that most users have google.com
among their trusted sites ; I usually do not ...
The behaviors described here are specifically for
the case when google.com is NOT a trusted site ...

A typical google image "search result" (below is part of
the URL , split apart , for one google image result)

http://www.google.com/imgres?
imgurl=http://www3.pictures.zimbio.com/mp/qWVVE09tig5c.jpg
&imgrefurl=http://www.zimbio.com/Jes%2BMacallan
... (the FULL URL was at the bottom of this message
but it tripped your spam-filter and I had to remove it)

Below (I think) is the google HTML loading the zimbio
source page containing the image ...

<iframe src="http://www.zimbio.com/Jes+Macallan"
id=il_f frameborder=0></iframe>

And below (I think) is the zimbio code that quickly reloads
their iframed-page OVER the intended "google result" page

<script type="text/javascript">
if (window.self != window.top){top.location.replace(window.location.pathname);}
var Timer = {s: (new Date().getTime()),Stack: {},add: function(n){Timer.Stack[n] = new Date().getTime() - Timer.s;}
};
</script>

There is no "warning message" ... it just "happens" .

The same behavior is seen with noScript 2.668 in Firefox 22.0 ,
and with noScript 2.6.7.1 in Firefox 23.0.1 ... which is my
current software .

The same mis-behavior also occurs with allstarpics.net
which uses this script code in the html of its page :

<script type="text/javascript">
if (window.self != window.top)
{top.location.replace(window.location.pathname);}</script>


Is this the correct behavior of the browser under the
conditions I chose ? Is there another option box to
check ... in order to BLOCK "top-loading" of <iframes> ?
IF I turn off iframes (it is on by default) , I get
just a warning in the iframe space with NO content ,
so I turned it back ON ...


Also , I'm not certain Firefox is doing exactly
what its designers intended with <iframes> ... For
instance , choosing ( View Image ) on the right-mouse
menu while hovering over an image in the iframe , you
still get the ability to toggle between the image fit
into the iframe , and the full-size image with scroll
bars in the iframe ; but the little circle with the
(+) or (-) doesn't appear (like it does in the "main"
page , with the view image option) . So , this may
be an irrelevant observation , or evidence that some
features are not fully implemented in iframes with
Firefox 22.0 or 23 ...


I should have mentioned it before , but I am using
Windows XP sp3 , patched up to date as of Aug 15 ,
with the free "security essentials" from Microsoft .
My PC is a 2005 Dell model gx620 with 4gB ram and
a 3gHz dual-core Intel processor . I have turned
off "virtual memory" (using only physical ram) in
the Windows system , and I keep an eye on memory
usage , myself . The c: drive has 50gB free ...
Otherwise , my setup is probably not unusual .


Before submitting this note I searched over a month
ago in google for this
"top.location" iframe script site:forums.informaction.com
and found only 2 (unrelated) discussions .
Currently , this search request produces no result .
I hope this is adequate searching before reporting a
"problem" ... which may just be my own uninformed
use of the software . With my apologies , if so .


I realize that this behavior is not , by itself ,
a hazard for users , but it may still indicate
a bug , either in noScript or Firefox .

Any advice or help the forum can provide will
be appreciated ... Thanks . Mark

[Thrawn]

And below (I think) is the zimbio code that quickly reloads
their iframed-page OVER the intended "google result" page

<script type="text/javascript">
if (window.self != window.top){top.location.replace(window.location.pathname);}
var Timer = {s: (new Date().getTime()),Stack: {},add: function(n){Timer.Stack[n] = new Date().getTime() - Timer.s;}
};
</script>

The snippet you posted above is a frame-busting script, designed as an anti-clickjacking feature. NoScript honors frame-busting scripts even if JavaScript is blocked.

See http://noscript.net/faq#qa7_5 to learn more about this feature and how to turn it off (if you really want to).

Before submitting this note I searched over a month
ago in google for this
"top.location" iframe script site:forums.informaction.com
and found only 2 (unrelated) discussions .
Currently , this search request produces no result .
I hope this is adequate searching before reporting a
"problem" ... which may just be my own uninformed
use of the software . With my apologies , if so .

Thanks for trying that . I don't recall seeing this raised before, so it's not surprising that the search failed. My only other troubleshooting suggestion would be to read http://noscript.net/faq before posting - but no big deal.