Implementing Frame Buster concept on Service Portal

lasse3
Giga Guru

on ‎07-25-2017 05:15 AM

The old content management system (CMS) of ServiceNow had a checkbox on content pages that (if checked) would cause the side to break any iframe and open the site using the entire browser window.

I needed to do this using the Service Portal instead for a customer as the service portal was loading with the nav_to.do and thus had the entire menu to the left visible after login. This was not desirable, so I looked into a Frame Buster (Also know as frame breaker or frame killer).

My approach was to create a Widget which I named "Frame Buster". In the "Body HTML template" I added the following code:

<style> html{display:none;} </style>

<script>

    if(self == top || top.location.href.indexOf('sp_config') > -1) {

            document.documentElement.style.display = 'block';

    } else {

            top.location = self.location;

    }

</script>

The rest of the fields I left with their default value.

I then added the widget at the top of the home page of the Service Portal. This will cause the Service Portal to remove the iframe by reloading the page at top level in the browser if the page is not already at the top level and only of the page is not being displayed from a URL containing sp_config. The latter is important as the Brand Editor will otherwise stop working.

I hope that you find this useful.

Improvements suggestions or comments are welcomed! 🙂

  • 2,298 Views
Comments
brittany_sorrel
Kilo Expert
‎09-14-2017 10:13 AM

This saved us a lot of headaches as we had a wizard that had to be available in the service portal.


Displayed the wizard in an iframe widget and then using the code you provided we were able to successfully redirect the user to the required catalog item / record producer, while having it not stay in the frame. Thank you so much for sharing!


0 Helpfuls
lasse3
Giga Guru
‎09-15-2017 06:05 AM

Hi Brittany,



I am very happy that this helped you out. It is nice to know that it makes a difference to share these kinds of findings.



I will be happy if you could rate, like and/or endorse the article.



Kind regards


Lasse


0 Helpfuls
Elyse Eckert1
Giga Contributor
‎11-13-2017 10:19 AM

I am so glad to have found this solution. I have used this on two projects to break out of undesired frames. On one we needed to bust out of an iFrame, and on the other we needed to break out of the "nav_to.do" that forces itself into the URL when redirecting from the console to the Portal. Your solution saved the day in both cases. Thank you so much!


0 Helpfuls
utku
Kilo Contributor
‎11-22-2017 05:58 AM

Exactly what we were looking for. We are sending a URL to our clients where they need to login first. This was causing content frame to open our portal within.


0 Helpfuls
Drew Carpenter
Tera Expert
‎12-30-2020 06:58 PM

This doesn't seem to work in Paris - any clues?

I'm pretty sure my specific issue is because we have SSO enabled. A logged out user who accesses portal and clicks "login" is taken to the login page inside the native frameset. After login, the portal is rendered nested in the native frameset.
Another caveat is that we have SPEntryPage script inactive. If we activate it, the login page is in an infinite loop.

0 Helpfuls
Version history
Last update:
‎07-25-2017 05:15 AM
Updated by: