Preventing child iframe from "breaking out of frame"

Problem description

I'm doing some simple web integration work which I'm accomplishing through use of an iframe. My main window has some javascript which interacts with my server to redirect the iframe to the required URL. One of the target pages sadly has the following piece of code inside:

if (top.location != location) {
    top.location.href = document.location.href ;
}

The script dies because of cross-site-scripting restrictions and prevents that page from rendering properly. I can't modify the source of that page (3rd party I'm integrating with).

How could I work around this?

Thanks

Recommended answer

This is my first post so don't trash me if it doesn't work, but this fix seems to work for me in IE. Add security="restricted" to your frame.

Example:

<iframe id="frame_id" name="frame_name" security="restricted" src="page.html">  
</iframe>

EDIT: I found a better solution. That doesn't block scripts and doesn't require javascript. Try using sandbox="..."


  • allow-forms allows form submission
  • allow-popups allows popups
  • allow-pointer-lock allows pointer lock
  • allow-same-origin allows the document to maintain its origin
  • allow-scripts allows JavaScript execution, and also allows features to trigger automatically
  • allow-top-navigation allows the document to break out of the frame by navigating the top-level window

Top navigation is what you want to prevent, so leave that out and it will not be allowed. Anything left out will be blocked.

ex.

<iframe sandbox="allow-same-origin allow-scripts allow-popups allow-forms" src="http://www.example.com"></iframe>
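
An added example (not part of the original answer): a JavaScript check of a sandbox attribute value that reports whether top-level navigation stays blocked, and flags the case where a same-origin frame given both allow-scripts and allow-same-origin can remove its own sandbox attribute. It goes slightly beyond the answer by also recognising allow-top-navigation-by-user-activation; the function names and the embedder URL are assumptions made for illustration.

```javascript
// Tokens that lift the sandbox's block on navigating the top-level window.
const TOP_NAV_TOKENS = ["allow-top-navigation", "allow-top-navigation-by-user-activation"];

// Split a sandbox attribute value into lowercase tokens (tokens are
// whitespace-separated and ASCII case-insensitive).
function parseSandbox(value) {
  return new Set(value.toLowerCase().split(/[ \t\n\f\r]+/).filter(Boolean));
}

// attrValue: sandbox attribute string, or null when the attribute is absent.
// frameSrc / embedderUrl: used only to decide whether the frame is same-origin.
function auditSandbox(attrValue, frameSrc, embedderUrl) {
  if (attrValue === null) {
    return { topNavigationBlocked: false, findings: ["no sandbox attribute: nothing is restricted"] };
  }
  const tokens = parseSandbox(attrValue);
  const findings = [];
  const lifted = TOP_NAV_TOKENS.filter((t) => tokens.has(t));
  for (const t of lifted) findings.push(`${t} lets the framed page navigate the top window`);

  const sameOrigin = new URL(frameSrc, embedderUrl).origin === new URL(embedderUrl).origin;
  if (sameOrigin && tokens.has("allow-scripts") && tokens.has("allow-same-origin")) {
    findings.push("same-origin frame with allow-scripts + allow-same-origin can remove its own sandbox attribute");
  }
  return { topNavigationBlocked: lifted.length === 0, findings };
}

// Constructed sample inputs; the embedder URL is hypothetical.
const EMBEDDER = "https://portal.example/integration";
const samples = [
  ["allow-same-origin allow-scripts allow-popups allow-forms", "http://www.example.com"],
  ["allow-scripts allow-top-navigation", "http://www.example.com"],
  ["allow-same-origin allow-scripts", "page.html"],
  ["", "http://www.example.com"],
];
for (const [attr, src] of samples) {
  console.log(JSON.stringify(attr), src, auditSandbox(attr, src, EMBEDDER));
}
```

The same-origin finding does not apply to a third-party page such as the one in the question, since that frame is cross-origin to the embedder.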
