Are you using a true frameset , or an iframe pretending to be one?

I was planning to use an iframe. But I would use either to get the job done. I basically want to have a page that avoids certain sites (for example malware). When a user visits a site (using the inside frame) the url would be checked against a database of urls and if found the user would be redirected to an alternate page.

I don't think so. Browsers have cross site scripting (XSS) protection measures to prevent you from doing something like that. To combat malware, ironically, and phishing in particular.

Browsers have cross site scripting (XSS) protection measures to prevent you from doing something like that.

Can't that be controlled with a cross-domain-policy file (crossdomain.xml)?

Can't that be controlled with a cross-domain-policy file (crossdomain.xml)?

Only if you have control over the (target) domain, and in this scenario users will freely "browse the web" from the inner frame.

Is there any way to accomplish something like this or fairly similar using a different technology. All I can think of is writing a browser which is fairly non trivial to say the least.

How about a browser extension?

You could also run all traffic through a web proxy.

The web proxy is an interesting idea. I have used web proxies but I am not too familiar with them.

If I ran a web proxy could I do a domain redirect when they hit a flagged site.

Hmm after doing some research I think I am not interested in the web proxy method. It would solve the problem. I actually got the code to set one up. But after some more research it seems there is some liability in running a proxy depending on what users of your proxy do.