为什么一个自引用的iframe不是无限循环的,会导致我的机器崩溃? [英] Why does a self-referencing iframe not infinitely loop and crash my machine?
问题描述
我用 iframe
创建了一个简单的HTML页面,其中 src
属性引用了包含页面 - 换句话说一个自引用iframe。
this.html
< HTML>
< head>< / head>
< body>
< iframe src =this.html/>
< / body>
< / html>
为什么这不是无限循环,并导致浏览器崩溃?另外,为什么IE甚至没有崩溃呢?
(注意:这是关于使用iframe解决问题的优点和缺点的小组讨论。 ,镜像的镜子)。解决方案
W3C在1997年解释了如何实现框架实现HTML框架:
任何试图将其祖先使用的URL分配给其SRC的框架都被视为根本没有SRC URL(基本上是一个空白框架)。
Iframe递归错误/攻击历史记录
正如kingdago在上面的评论中发现并提到的那样,在1999年 中,一个错过实施保护措施的浏览器是 Mozilla 。引用其中一位开发人员:
这是一个奇偶校验错误(可能会造成尴尬),因为MSIE5
doesn'这些类型的页面有问题。
我决定进一步研究这个问题,结果发现在 2004 发生了再次。然而,这一次是 JavaScript :
这是代码,是什么原因造成的:< iframe name =productcatalog
id =productcatalogsrc =page2.htm>< / iframe>紧接着
a脚本:
frames.productcatalog.location.replace (frames.productcatalog.location
+ location.hash);
...
实际结果:父窗口被递归加载到
iframe中,导致有时会崩溃。
预期结果:只需在Internet Explorer中显示即可。 p>
然后再次 2008年与火狐2 (这也涉及到JavaScript)
在 2009 中的bugzilla.mozilla.org/show_bug.cgi?id=530258 \">again 。这里有趣的部分是这个错误是仍然打开和这个附件: https://bugzilla.mozilla.org/attachment.cgi?id=414035 $ c $ (你会抑制你的好奇吗?)仍然会崩溃/冻结你的Firefox(我只是测试它,我几乎崩溃了整个Ubuntu)。在Chrome中,它只是无限期地加载(可能是因为每个标签都在一个单独的进程中)。
至于其他浏览器:
I created a simple HTML page with an iframe
whose src
attribute references the containing page -- in other words a self-referencing iframe.
this.html
<html>
<head></head>
<body>
<iframe src="this.html" />
</body>
</html>
Why does this not infinitely loop and crash my browser? Also, why doesn't even IE crash at this?
(Note: This spawned from a team discussion on the virtues and demerits of using iframes to solve problems. You know, the 'mirror of a mirror' sort.)
W3C took care of that in 1997 explaining how frames should be implemented in "Implementing HTML Frames":
Any frame that attempts to assign as its SRC a URL used by any of its ancestors is treated as if it has no SRC URL at all (basically a blank frame).
Iframe recursion bug/attack history
As kingdago found out and mentioned in the comment above, one browser that missed to implement a safeguard for this was Mozilla in 1999. Quote from one of the developers:
This is a parity bug (and a source of possible embarrasment) since MSIE5 doesn't have a problem with these kinds of pages.
I decided to dig some more into this and it turns out that in 2004 this happened again. However, this time JavaScript was involved:
This is the code, what causes it: <iframe name="productcatalog" id="productcatalog" src="page2.htm"></iframe> directly followed by a script with this in it: frames.productcatalog.location.replace(frames.productcatalog.location + location.hash);
...
Actual Results: The parent window gets recursively loaded into the iframe, resulting sometimes in a crash.
Expected Results: Just show it like in Internet Explorer.
Then again in 2008 with Firefox 2 (this also involved JavaScript).
And again in 2009. The interesting part here is that this bug is still open and this attachment: https://bugzilla.mozilla.org/attachment.cgi?id=414035
(will you restrain your curiosity?) will still crash/freeze your Firefox (I just tested it and I almost crashed the whole Ubuntu). In Chrome it just loads indefinitely (probably because each tab lives in a separate process).
As for the other browsers:
- In 2005 Konqueror had a bug in it's safeguard that allowed to render iframes one inside another (but it seems that somehow it wasn't freezing/crashing the whole app).
- IE6, Opera 7.54 and Firefox 0.9.3 are also reported to be susceptible to attacks basing on iframe recursion.
这篇关于为什么一个自引用的iframe不是无限循环的,会导致我的机器崩溃?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!