Javascript iFrame限制 [英] Javascript iFrame Limitations

问题描述

我知道，出于安全原因，如果iframe属于不同的域，则javascript无法读取iframe的内容。这是有道理的，因为整个页面可能是一个iframe，在框架之外有一个窥探脚本。

I know that, for security reasons, javascript can't read the contents of an iframe if it belongs to a different domain. This makes sense, given that the entire page could be an iframe with snooping scripts outside of the frame.

问题是 - 在另一个方向有相同的限制吗？ iframe（来自不同的域）中的javascript可以在其​​父窗口中读取和操作dom吗？

The question is - are there equal limitations in the other direction? Can javascript within an iframe (from a different domain) read and manipulate the dom in its parent window?

谢谢！

推荐答案

你不能。

这将是一个安全漏洞。现在每个人都疯狂地将facebook iframe添加到他们的网站，想象一下如果来自FB的javascript可以与你的页面进行交互;）

无论如何，我设置了一个小例子，并且在我尝试时获得相同的原点警告从iframe内部（在另一个域中）获取父级div

You can't.
This would be a security hole. Now that everyone is crazy adding facebook iframes to their sites, imagine if javascript from FB could interact with your page ;)
Anyway, i set up a small example, and got the same origin warning when i tried to get a parent's div from inside the iframe (which was in another domain)

这篇关于Javascript iFrame限制的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！