I have a Page with standard iframe markup

Inside the frame is Linked to a Https URL The iframe does some processing (payment info and such)

Then returns back a POST data When the processing fails most of the time it does not reload the parent(Return url, plus POST data to that URL, loads inside Iframe), and when the processing payment returns successful, most of the time it pletely reloads the parent page (Returns url, plus POST data to the Successful URL, Reloads parent to that URL)

As this is code from the secure payment, there isn't alot of things I can show.

Is there any javascript or Html attr that will make this without randomness

I have a Page with standard iframe markup

Inside the frame is Linked to a Https URL The iframe does some processing (payment info and such)

Then returns back a POST data When the processing fails most of the time it does not reload the parent(Return url, plus POST data to that URL, loads inside Iframe), and when the processing payment returns successful, most of the time it pletely reloads the parent page (Returns url, plus POST data to the Successful URL, Reloads parent to that URL)

As this is code from the secure payment, there isn't alot of things I can show.

Is there any javascript or Html attr that will make this without randomness

• javascript
• html
• iframe

• Is there a specific reason why you chose to use iframes in the first place? Why not use ajax instead? – Jason Commented Jul 7, 2014 at 20:07
• @Jason: because iframes could be much safer than ajax? – dandavis Commented Jul 7, 2014 at 20:08
• It is a hostedpay page @Jason , it was how it came with before I develop it. – vico Commented Jul 7, 2014 at 20:09
• @vico: the behavior or reloading (or not) depends on the HTML markup returned by the server. you can try to sandbox the iframe or use a CSP on the framing page. – dandavis Commented Jul 7, 2014 at 20:10
• Just as an aside, if your parent page is not also HTTPS, that can lead to some mistrust by the users. – DA. Commented Jul 7, 2014 at 20:12

2 Answers 2

End up using sandbox mode for iframe and forced stop the redirection atleast for modern browsers.

sandbox="" without allow-top-navigation will force prevent the reload

https://developer.mozilla/en-US/docs/Web/HTML/Element/iframe

If it only redirects on successful attempts and not every time, then it is most likely redirected from the server (e.g. using a redirect header, or a window.refresh) then you would have to fix your code there (if you have control over it).

If you don't have control over the server side code where the iframe is ing from, ask the owner of the API for help. If they refuse (which they will most likely do) to apply the changes you need, it will probably be due to security concerns (if the user's transaction is getting processed on another server, why is the page hosted in an iframe in your page? read about click jacking)

Either way, I would use fiddler, or any other tool you can think of to examin the contents of a successful response to verify whether the server side code is redirecting.