Geek Answers Handbook

How to detect a click inside an iframe (cross-domain)? Aka prevent click fraud

I received a warning from a click fraud advertising system provider. No additional information, all they recommend is "hide ads for users who quickly click on ads." I wrote a fragment of a JS script that hides all DIVs with ads for N seconds (using cookies) when clicked, but this solution does not work, because the "internal" content (with ads) is created by a JS script that calls and displays content from an external server (as you would expect from an ad system). Thus, when you take into account cross-domain security, it looks like Catch 22. How can I detect a click inside a DIV (locally defined), what content is displayed by external JS and iframe?

Example:

<div class="ad-class"> <!-- locally defined div -->
   <div id="my-id"> </div> <!-- identifies my ad in the provider system -->
   <script>
      var foo = blah // declares the ad dimensions and stuff
      //  and renders the contextual ad in #my-id DIV
   </script>
</div>

If everything was local, the solution would be easy, since the inner div would inherit the parent class ("ad-class"). In the case of a cross domain, this is not valid. Any tips guys?

+6
source share
5 answers

You cannot detect click events in a cross-domain iframe.

Thus, you may have one bad option:

One of the closest things you can do is to find that the focus has moved from your window to the iframe:

window.focus(); //force focus on the currenct window;
window.addEventListener('blur', function(e){
    if(document.activeElement == document.querySelector('iframe'))
    {
        alert('Focus Left Current Window and Moved to Iframe / Possible click!');
    }
});

http://jsfiddle.net/wk1yv6q3/

However, this is unreliable, free focus does not mean a click, it can be moved by the user through the website using TAB.

, , iframe, , , , .

+7

Luizgrs :

var clickIframe = window.setInterval(checkFocus, 100);
var i = 0;

function checkFocus() {
  if(document.activeElement == document.getElementById("ifr")) {
  	console.log("clicked "+(i++));
  	window.focus();
   }
}
<!DOCTYPE html>
<h2>Onclick event on iframe</h2>
<iframe src="https://www.brokenbrowser.com/" id="ifr"></iframe>

, iframe , , iframe. , , .

POC 2- iframe click-jacking. , iframe, , .

+5

, WordPress. , , - , , Adsense iframe. , PHP. Python Django. - , .

0

iframe, .

iframe , mouseover, script, 'cfmonitor'. iframe, , .

// IFRAME ACTION
    function iframeAction () {
        jq.each(jq.cfmonitor.iframes, function(index,element) {
            frameID = jq(element).attr('id') || false;
            if (frameID) initiateIframe(frameID);
            //alert (frameID);
        });
    }

    // INIT IFRAME
    function initiateIframe(elementID) {
        var element = document.getElementById(elementID);
        // MOUSE IN && OUT
        if (element) {
            element.onmouseover = processMouseOver;
            element.onmouseout = processMouseOut;
            //console.log("mouse on out");
        }
        // CLICKS
        if (typeof window.attachEvent !== 'undefined') {
            top.attachEvent('onblur', processIFrameClick);
        }
        else if (typeof window.addEventListener !== 'undefined') {
            top.addEventListener('blur', processIFrameClick, false);
        }
}

// IFRAME CLICKS
    function processIFrameClick() {
        // ADD A CLICK
        if(isOverIFrame) {
            //addClick();
            // Some logic here to hide the class 'cfmonitor'
            //console.log("Go");
            top.focus();
        }
}
0
source

Check it out, it can help. You cannot detect a click event when its cross-browser.

window.focus();
window.addEventListener('blur', function(e){
  if(document.activeElement == document.getElementById('Your iframe id'))
   {
    console.log('iframe click!');
   }
});
0
source

More articles:


All Articles