Social Media sites preventing other sites displaying their pages in an iFrame

Question

Last week at work we noticed that if you try and display a YouTube page in an iFrame you are shown a page stating that this is not allowed. A link is shown that takes you direct to the page. We looked at other social media sites, both Facebook and Twitter also do this.

I have two questions. One how is this done? My guess is it's a check something like:

if(window != top){
  // display 'error' page
}

The other question is why is this done? My first thoughts were maybe it was to do with security but the more I've thought about it, the more I think it's a legal thing or a marketing decision.

Answer 1

Websites don't want other websites stealing their content. I remember implementing something like this as far back as in the nineties. You pretty much answered your own question. However, it is also a security issue. At least with Twitter, there used to be some malicious sites, which would do the following:

1. Make some bs website with something about tweeting or posting something, showing some kind of form.
2. Include an iframe pointing to http://twitter.com/share?text=SPAM_TEXT_HERE
3. Position that iframe into a place where a button for the bs site's form would be.
4. Scroll the iframe so that only the "Tweet" button shows from the iframe.

This way they would get people tweeting their spammy tweets.