If you are wanting to block something like POP up ads or something coming from a website you are showing in an IFRAME - it's fairly easy.

如果您想阻止诸如 POP 广告或来自您在 IFRAME 中展示的网站的内容 - 这很容易。

Make a framefilter.phpand javascriptfilter.phpwhich your iframe points to. You can modify it to meet your needs such as the onload blah blah and etc. But as/is - it's been working fine for me for quite a while. Hope it helps.

制作您的 iframe 指向的framefilter.php和javascriptfilter.php。您可以修改它以满足您的需求，例如 onload blah blah 等等。但是按原样 - 它对我来说已经工作了很长一段时间。希望能帮助到你。

Replace your standard IFRAME HTML with this:

用这个替换你的标准 IFRAME HTML：

    <IFRAME SRC="http://www.yourdomainhere.com/framefilter.php?furl=http://www.domainname.com" WIDTH=1000 HEIGHT=500>
If you can see this, your browser doesn't 
understand IFRAMES. However, we'll still 
<A HREF="http://www.domainname.com">link</A> 
you to the page.
</IFRAME>

Framefilter.php

框架过滤器.php

        <?php

//Get the raw html.
$furl=trim($_GET["furl"]);
$raw = file_get_contents($furl);

$mydomain="http://www.yourdomainhere.com/";

//Kill anoying popups.
$raw=str_replace("alert(","isNull(",$raw);
$raw=str_replace("window.open","isNull",$raw);
$raw=str_replace("prompt(","isNull(",$raw);
$raw=str_replace("Confirm: (","isNull(",$raw);

//Modify the javascript links so they go though a filter.
$raw=str_replace("script type=\"text/javascript\" src=\"","script type=\"text/javascript\" src=\"".$mydomain."javascriptfilter.php?jurl=",$raw);
$raw=str_replace("script src=","script src=".$mydomain."javascriptfilter.php?jurl=",$raw);

//Or kill js files
//$raw=str_replace(".js",".off",$raw);

//Put in a base domain tag so images, flash and css are certain to work.
$replacethis="<head>";
$replacestring="<head><base href='".$furl."/'>";
$raw=str_replace($replacethis,$replacestring,$raw);

//Echo the website html to the iframe.
echo $raw;

?>

javascriptfilter.php

javascriptfilter.php

<?php

//Get the raw html.
$jurl=trim($_GET["jurl"]);
$raw = file_get_contents($jurl);

//Note, if trickyness like decode detected then display empty.
if(!preg_match("decode(", $raw)){

//Kill anoying popups.
$raw=str_replace("alert(","isNull(",$raw);
$raw=str_replace("window.open","isNull",$raw);
$raw=str_replace("prompt(","isNull(",$raw);
$raw=str_replace("Confirm: (","isNull(",$raw);

//Echo the website html to the iframe.
echo $raw;

}

?>

Quite an old ask, but I thought I'd offer a newer solution since this is the top result in google.

一个很老的问题，但我想我会提供一个更新的解决方案，因为这是谷歌的最佳结果。

If you want to block an iframe from opening windows, you can use the new HTML5 "sandbox" attribute on your iframe.

如果您想阻止 iframe 打开窗口，您可以在 iframe 上使用新的 HTML5“沙箱”属性。

https://developer.mozilla.org/en/docs/Web/HTML/Element/iframe

https://developer.mozilla.org/en/docs/Web/HTML/Element/iframe

This should keep it from doing anything (except running javascript which may be required for the page to function correctly):

这应该可以防止它做任何事情（除了运行页面正常运行可能需要的 javascript）：

<iframe sandbox="allow-scripts" src="your/url/here"></iframe>

Actually, this ispossible. Well at least in many cases. Often, the code in the iframe will be running something like top.window.open(...)to open a pop-up. You can redefine the window.open method so it still exists, but doesn't open a window. E.g.:

实际上，这是可能的。至少在很多情况下是这样。通常，iframe 中的代码会运行类似top.window.open(...)打开弹出窗口的操作。您可以重新定义 window.open 方法，使其仍然存在，但不会打开窗口。例如：

` window.alias_open = window.open;

` window.alias_open = window.open;

window.open = function(url, name, specs, replace) { // Do nothing, or do something smart... } `

window.open = function(url, name, specs, replace) { // 什么都不做，或者做一些聪明的事情... } `

If you still want some pop-ups to open, you can whitelist urls within the body of window.open, and call alias_openas needed.

如果您仍然希望打开一些弹出窗口，您可以将 正文中的 url 列入白名单window.open，并alias_open根据需要调用。

Setting the sandbox attribute on the IFrame element should work.

在 IFrame 元素上设置沙箱属性应该可以工作。

I don't think this is possible.

我不认为这是可能的。

• first (and most importantly), if the iframe is in a different domain, you can't change its DOM - such as the onunload handlers. If this is the case, the other two issues are moot.
• second, even if you could, you'd have to remove the listener in some way. If the listener is loaded via window.onunload, that would be simple; otherwise, not so much.
• third, in the long term this would lead to the same arms race as the frame-busting-busters

• 首先（也是最重要的），如果 iframe 位于不同的域中，则无法更改其 DOM - 例如 onunload 处理程序。如果是这样，其他两个问题就没有实际意义了。
• 其次，即使可以，您也必须以某种方式删除侦听器。如果监听器是通过 window.onunload 加载的，那就很简单了；否则，不会那么多。
• 第三，从长远来看，这将导致与破坏框架的破坏者相同的军备竞赛

The only possibility I see is non-technical in nature: check with whoever runs that site inside the iframe if they could make a special page for you, one without such onunload popup. In most cases, either

我看到的唯一可能性本质上是非技术性的：与在 iframe 中运行该站点的人核对他们是否可以为您制作一个特殊页面，一个没有这种 onunload 弹出窗口的页面。在大多数情况下，要么

• a) some special arrangement can be made (although not always for free), or
• b) removing the functionality would be a violation of the ToS, in which case you'd have to look for someone else providing similar functionality, without the pop-ups (and realistically, most services have more than a single provider)

• a) 可以进行一些特殊安排（尽管并非总是免费的），或
• b) 删除功能将违反 ToS，在这种情况下，您必须寻找提供类似功能的其他人，而没有弹出窗口（实际上，大多数服务都不止一个提供者）

I'm not sure if this would work but you could try double Iframing. Iframe the site in a free blogger account, then iframe the blogger account with a delay loading code. so the popup will occur before the page is loaded let me know if it works.

我不确定这是否可行，但您可以尝试使用双重 Iframe。在免费的博主帐户中 iframe 网站，然后使用延迟加载代码 iframe 博主帐户。所以在页面加载之前会出现弹出窗口让我知道它是否有效。

Use a modern browser- they all come with decent pop-up blocking capabilities

使用现代浏览器- 它们都具有不错的弹出窗口阻止功能