为什么一个自引用的iframe不是无限循环的，会导致我的机器崩溃？ [英] Why does a self-referencing iframe not infinitely loop and crash my machine?

问题描述

我用 iframe 创建了一个简单的HTML页面，其中 src 属性引用了包含页面 - 换句话说一个自引用iframe。

this.html

 < HTML> 
< head>< / head> 
< body> 
< iframe src =this.html/> 
< / body> 
< / html> 
  

为什么这不是无限循环，并导致浏览器崩溃？另外，为什么IE甚至没有崩溃呢？

（注意：这是关于使用iframe解决问题的优点和缺点的小组讨论。 ，镜像的镜子）。解决方案

W3C在1997年解释了如何实现框架实现HTML框架：

任何试图将其祖先使用的URL分配给其SRC的框架都被视为根本没有SRC URL（基本上是一个空白框架）。

---

Iframe递归错误/攻击历史记录

正如kingdago在上面的评论中发现并提到的那样，在1999年 中，一个错过实施保护措施的浏览器是 Mozilla 。引用其中一位开发人员：

这是一个奇偶校验错误（可能会造成尴尬），因为MSIE5
doesn'这些类型的页面有问题。

我决定进一步研究这个问题，结果发现在 2004 发生了再次。然而，这一次是 JavaScript ：

这是代码，是什么原因造成的：< iframe name =productcatalog
id =productcatalogsrc =page2.htm>< / iframe>紧接着
a脚本：
frames.productcatalog.location.replace （frames.productcatalog.location
+ location.hash）;

...

实际结果：父窗口被递归加载到
iframe中，导致有时会崩溃。

预期结果：只需在Internet Explorer中显示即可。 p>

然后再次 2008年与火狐2 （这也涉及到JavaScript）

在 2009 中的bugzilla.mozilla.org/show_bug.cgi?id=530258 \">again 。这里有趣的部分是这个错误是仍然打开和这个附件： https://bugzilla.mozilla.org/attachment.cgi?id=414035

---

至于其他浏览器：

• 在 2005 Konqueror 有一个安全漏洞呈现内部框架一个在另一个（但它似乎不是冻结/崩溃整个应用程序）。


• IE6，Opera 7.54和Firefox 0.9.3也都报道易受基于iframe递归的攻击。<​​/ li>
  

I created a simple HTML page with an iframe whose src attribute references the containing page -- in other words a self-referencing iframe.

this.html

<html>
<head></head>
<body>
<iframe src="this.html" />
</body>
</html>

Why does this not infinitely loop and crash my browser? Also, why doesn't even IE crash at this?

(Note: This spawned from a team discussion on the virtues and demerits of using iframes to solve problems. You know, the 'mirror of a mirror' sort.)

解决方案

W3C took care of that in 1997 explaining how frames should be implemented in "Implementing HTML Frames":

Any frame that attempts to assign as its SRC a URL used by any of its ancestors is treated as if it has no SRC URL at all (basically a blank frame).

---

Iframe recursion bug/attack history

As kingdago found out and mentioned in the comment above, one browser that missed to implement a safeguard for this was Mozilla in 1999. Quote from one of the developers:

This is a parity bug (and a source of possible embarrasment) since MSIE5 doesn't have a problem with these kinds of pages.

I decided to dig some more into this and it turns out that in 2004 this happened again. However, this time JavaScript was involved:

This is the code, what causes it: <iframe name="productcatalog" id="productcatalog" src="page2.htm"></iframe> directly followed by a script with this in it: frames.productcatalog.location.replace(frames.productcatalog.location + location.hash);

...

Actual Results: The parent window gets recursively loaded into the iframe, resulting sometimes in a crash.

Expected Results: Just show it like in Internet Explorer.

Then again in 2008 with Firefox 2 (this also involved JavaScript).

And again in 2009. The interesting part here is that this bug is still open and this attachment: https://bugzilla.mozilla.org/attachment.cgi?id=414035 (will you restrain your curiosity?) will still crash/freeze your Firefox (I just tested it and I almost crashed the whole Ubuntu). In Chrome it just loads indefinitely (probably because each tab lives in a separate process).

---

As for the other browsers:

• In 2005 Konqueror had a bug in it's safeguard that allowed to render iframes one inside another (but it seems that somehow it wasn't freezing/crashing the whole app).
• IE6, Opera 7.54 and Firefox 0.9.3 are also reported to be susceptible to attacks basing on iframe recursion.

这篇关于为什么一个自引用的iframe不是无限循环的，会导致我的机器崩溃？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！