Javascript iFrame限制 [英] Javascript iFrame Limitations
问题描述
我知道,出于安全原因,如果iframe属于不同的域,则javascript无法读取iframe的内容。这是有道理的,因为整个页面可能是一个iframe,在框架之外有一个窥探脚本。
I know that, for security reasons, javascript can't read the contents of an iframe if it belongs to a different domain. This makes sense, given that the entire page could be an iframe with snooping scripts outside of the frame.
问题是 - 在另一个方向有相同的限制吗? iframe(来自不同的域)中的javascript可以在其父窗口中读取和操作dom吗?
The question is - are there equal limitations in the other direction? Can javascript within an iframe (from a different domain) read and manipulate the dom in its parent window?
谢谢!
推荐答案
你不能。
这将是一个安全漏洞。现在每个人都疯狂地将facebook iframe添加到他们的网站,想象一下如果来自FB的javascript可以与你的页面进行交互;)
无论如何,我设置了一个小例子,并且在我尝试时获得相同的原点警告从iframe内部(在另一个域中)获取父级div
You can't.
This would be a security hole. Now that everyone is crazy adding facebook iframes to their sites, imagine if javascript from FB could interact with your page ;)
Anyway, i set up a small example, and got the same origin warning when i tried to get a parent's div from inside the iframe (which was in another domain)
这篇关于Javascript iFrame限制的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!