如何使用JavaScript将XML发布到iframe [英] How to post XML to an iframe with JavaScript

问题描述

基本上我想将XML（带有Content-Type text / xml）发布到URL并直接在浏览器中显示输出。这必须在iframe中完成。

Basically I want to post XML (with Content-Type text/xml) to an URL and display the output directly in the browser. This has to be done in an iframe.

是否可以将XML发布到iframe？换句话说，Post-Request的Content-Type是否可以更改为text / xml？如有必要，PHP4也可用。

Is it possible to post the XML to an iframe? In other words, can the Content-Type of the Post-Request be changed to text/xml? PHP4 is also available if necessary.

iframe-action的URL必须保留，因为Result包含一个带有相对链接的HTML页面......

The URL of the iframe-action has to remain because the Result contains a HTML page with relative links...

推荐答案

过去可以在iframe上的 document.open（mimetype） Netscape，但现代浏览器不支持此功能（并且Netscape从不支持XML）。

It used to be possible to document.open(mimetype) on the iframe back in Netscape, but modern browsers don't support this (and Netscape never supported XML anyway).

在许多浏览器中，您可以设置iframe的 src 到数据URI ，例如： data：text / xml，％3Celement％3Ehello％3C / element％3E ，只要文档不太长。但这在IE中不起作用。因此，您至少需要一个返回服务器的备份计划：

In many browsers, you can set an iframe's src to a data URI such as: data:text/xml,%3Celement%3Ehello%3C/element%3E, as long as the document isn't too long. This doesn't work in IE though. So you would need at least a backup plan of going back to the server:

<?php
    header('Content-Type: text/xml');
    echo($_REQUEST('xml'));
?>

然后，如果XML足够短以适合URI，您可以通过以下方式设置其src：

Then, if the XML were short enough to fit in a URI, you could set its src via:

iframe.src= 'http://www.example.com/echoxml.php?xml='+encodeURIComponent(xml);

如果XML可能很长，则需要使用POST请求，这意味着表单提交：

If the XML might be long, you'd need to use a POST request, which means a form submission:

var idoc= iframe.contentDocument || iframe.contentWindow.document; // IE compat
idoc.open();
idoc.write('<form method="post" action="http://www.example.com/echoxml.php">');
idoc.write('    <textarea name="xml"></textarea>');
idoc.write('</form>');
idoc.close();
idoc.getElementsByTagName('textarea')[0].value= xml;
idoc.getElementsByTagName('form')[0].submit();

这一切都值得吗？除非您使用的是XSL，否则您在大多数浏览器中获得的无格式XML视图可能会非常糟糕。在根本不显示XML的较旧/较简单的浏览器中，系统会提示您下载XML文件。

Is this all worth it? Unless you're using XSL, the unstyled XML view you'd get in most browsers would probably be quite poor. In older/simpler browsers that don't display XML at all you'd just be prompted to download the XML file.

允许任何人注入任何XML都很危险内容到您的安全上下文。例如。如果他们制作了包含XHTML脚本内容的返回文档，您就很容易受到跨站点脚本攻击。

And it's dangerous to allow anyone to inject any XML content into your security context. eg. if they made a return-document containing XHTML scripting content, you'd be vulnerable to cross-site-scripting attacks.

这篇关于如何使用JavaScript将XML发布到iframe的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！