What makes JSFiddle secure from XSS based attacks?


Question


I am curious, what makes www.jsfiddle.net secure from XSS based attacks? They have support for accounts, so clearly any script they run on the browser may do evil things.

Recommended answer


If you look at the results pane for a fiddle, you'll notice that it's actually an IFRAME pointing to a different domain, which means that built-in security will kick in, which generally prevents access to the parent window.

This fiddle, for example: http://jsfiddle.net/jomanlk/y9zCK/


Is actually served by: http://fiddle.jshell.net/jomanlk/y9zCK/show/
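The origin comparison behind the isolation described in the answer, as an added example that is not part of the original answer or JSFiddle's own code. It models the browser's (scheme, host, port) check with the standard `URL` class; the function names and the URLs marked "constructed" are assumptions made for illustration.

```javascript
// Added illustration: a model of the same-origin check applied to framed
// content. It is not the browser's implementation.
// An origin is the (scheme, host, port) triple. URL.origin lowercases the
// host and drops default ports, so equal origins compare equal as strings.
function originOf(url) {
  return new URL(url).origin;
}

// True when script inside the frame would share the parent's origin and
// could therefore reach the parent window's DOM.
function frameCanReachParent(parentUrl, frameUrl) {
  return originOf(parentUrl) === originOf(frameUrl);
}

// Classify each framed URL relative to the embedding page.
function auditFrames(parentUrl, frameUrls) {
  return frameUrls.map((frameUrl) => ({
    frameUrl,
    origin: originOf(frameUrl),
    isolated: !frameCanReachParent(parentUrl, frameUrl),
  }));
}

// Editor page URL from the answer.
const parentPage = "http://jsfiddle.net/jomanlk/y9zCK/";

const frames = [
  "http://fiddle.jshell.net/jomanlk/y9zCK/show/", // result pane, from the answer
  "http://jsfiddle.net/constructed/show/",        // constructed: same origin
  "http://JSFIDDLE.net:80/constructed/",          // constructed: same after normalization
  "https://jsfiddle.net/constructed/",            // constructed: scheme differs
  "http://www.jsfiddle.net/constructed/",         // constructed: host differs (subdomain)
];

for (const r of auditFrames(parentPage, frames)) {
  const verdict = r.isolated ? "isolated from parent" : "CAN reach parent";
  console.log(`${r.origin.padEnd(28)} ${verdict}  <- ${r.frameUrl}`);
}
```

Run it with Node.js. Only the frames whose scheme, host and port all match the editor page share its origin, which is why serving user code from a separate host keeps it away from the page that holds the account session.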
