是什么让JSFiddle免受基于XSS的攻击? [英] What makes JSFiddle secure from XSS based attacks?
问题描述
我很好奇,是什么让 www.jsfiddle.net 免受基于XSS的攻击?他们对帐户有支持,所以他们在浏览器上运行的任何脚本都可能做坏事。
I am curious, what makes www.jsfiddle.net secure from XSS based attacks? They have a support for accounts so clearly any script they run on the browser may do evil things.
推荐答案
如果看一下你会发现它实际上是指向不同域的IFRAME的结果窗格,这意味着内置安全性将启动,这通常会阻止访问父窗口。
If you look at the results pane for a fiddle you'll notice that it's actually an IFRAME pointing to a different domain which means that built in security will kick in which generally prevents access to the parent window.
这个小提琴例如: http:// jsfiddle。 net / jomanlk / y9zCK /
实际上由以下人员提供服务: http://fiddle.jshell.net/jomanlk/y9zCK/show/
Is actually served by : http://fiddle.jshell.net/jomanlk/y9zCK/show/
这篇关于是什么让JSFiddle免受基于XSS的攻击?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!