There is always, unfortunately, a way to get around staff killers because of how they work. (However, a site that is created in a frame can usually display a warning).
See Jeff Atwood " disturbing revelation ."
A few excerpts of choice:
If an evil website solves this to create your website, you will be framed. Period. Exposing the frame is nothing more than a false sense of security; he does not work.
Frame search code (from a linked call):
<script type="text/javascript"> var prevent_bust = 0 window.onbeforeunload = function() { prevent_bust++ } setInterval(function() { if (prevent_bust > 0) { prevent_bust -= 2 window.top.location = 'http://server-which-responds-with-204.com' } }, 1) </script>
This code performs the following actions:
increases the counter every time the browser tries to leave the current page through the window.onbeforeonload event handler
sets a timer that starts every millisecond through setInterval (), and if he sees that the counter is incrementing, changes the current location to the attacker control server
the server serves a page with an HTTP status code of 204, which does not force the browser to move anywhere
Jon hadley
source share