Javascript和框架 [英] Javascript and Frames
问题描述
我喜欢框架的一件事是,它们是一个很好的存放地点。
Javascript。当屏幕上可见的
内容发生变化时,我想要的Javascript会出现在框架声明HTML文件中。
它永远不需要重新加载和JS变量可以在那里更新为
可见的屏幕进度。
但是......如果我想成为一个好的互联网撒玛利亚人并且不使用框架,
更换该功能的最佳方法是什么?
问候,
Kent Feiler
www.KentFeiler.com
One thing I like about frames is that they''re a good place to stow
Javascript. Javascript that I''d like to be around while the visible
content of the screen changes goes in the frame declaration HTML file.
It never needs to be reloaded and JS variables can be updated there as
the visible screens progress.
But...if I want to be a good internet samaritan and not use frames,
what''s the best way to replace that function?
Regards,
Kent Feiler
www.KentFeiler.com
推荐答案
" ;肯特费勒 < zz ** @ zzzz.com写了留言
news:qd **************************** **** @ 4ax.com ...
"Kent Feiler" <zz**@zzzz.comwrote in message
news:qd********************************@4ax.com...
我喜欢框架的一件事是它们是一个很好的存放地点
Javascript。当屏幕上可见的
内容发生变化时,我想要的Javascript会出现在框架声明HTML文件中。
它永远不需要重新加载和JS变量可以在那里更新为
可见的屏幕进度。
但是......如果我想成为一个好的互联网撒玛利亚人并且不使用框架,
更换该功能的最佳方法是什么?
One thing I like about frames is that they''re a good place to stow
Javascript. Javascript that I''d like to be around while the visible
content of the screen changes goes in the frame declaration HTML file.
It never needs to be reloaded and JS variables can be updated there as
the visible screens progress.
But...if I want to be a good internet samaritan and not use frames,
what''s the best way to replace that function?
您是否考虑过为您的网站准备商业计划书?我问的原因是因为这个网站应该为自己付出的代价和
然后一些的态度。导致一些替代解决方案通常基于网络的
问题;似乎根植于网络常规性的问题...
< div> s的使用使得框架有些多余。
例如。 www.geoceanis.com
PS。出于安全原因,我禁止所有客户端脚本,例如Java,我的浏览器,甚至出售一种让其他人更容易做到的产品
同样
( www.fieldcraft.biz/software/browser-security )
客户端脚本也用于浏览器劫持,许多间谍软件
蠕虫以这种方式安装。
您需要与访问者建立信任才能合理地确定b
b期望他们从您编写的任何客户端受益。
我会指出客户端脚本比框架
更不方便用户,因为虽然大多数使用的浏览器都会充分协商帧,但很多用户需要b / b
用户我没有允许任何代码在我们的系统上运行,如果没有隔离48-96小时的隔离和随后更新的防病毒扫描。在网络启动代码的情况下,这是不切实际的,除了禁用所有脚本之外,没有任何依据建立安全边界。
诀窍是与您的托管服务协作运行服务器
服务器端。这可以保证每个人都能从您的b / b
脚本中获益。我知道Perl / CGI,VBScript和.NET可以在服务器端运行。我不是这么肯定的Java。通过服务器端运行,不知道的访问者不会被要求冒着病毒/间谍软件/蠕虫感染的风险,以换取
访问铃声和你的页面口哨。
如果你想隐藏你的来源,那么服务器端执行的脚本源
比收起来的东西要难得多在一个框架中。对于
示例,其中框架用于混淆基本URL(例如SPAM
受益人),通过HTML跟踪基本URL是孩子的游戏。
来源 - 不是源保护的好选择。另一方面,一些
的开发人员生成一个ActiveX.exe文件,这非常有效,因为它是
是一个伪编译的可执行文件 - 但我会下注他们然后我们想知道为什么他们的
网站访客不会留下来...
无论如何,如果你不想和他说话您的托管服务,或者他们
不想与您交谈,找到另一项服务。我有很好的
技术支持来自:
在一天结束时,一个网站只是一个文件服务器,并且会有
永远不是应用程序服务器的安全实现。微软是如此热衷于传播福音,而不会消除互联网的双向性。
通信。如果您发现自己正在编写可执行代码,那么您是否应该更好地编写一个可下载的
程序,如果您愿意,可以免费提供,或者以
a利润出售。这样做的另一个好处是允许访问者通过隔离和扫描程序建立
编码信任。对于你的
网站,一个VB,VC或VJ应用程序,它可以从一个数据文件更新自己,你的网站将是一件轻而易举的事情,另外成为一个适销对路的商品。
-
Timothy Casey GPEMC! > 11950是 nu****@fieldcraft.biz 2email
条款&条件适用。请参阅 www.fieldcraft.biz/GPEMC
发现有效可互操作的网页菜单,IE安全,TSR控制,
&最先进的速读应用程序@ www.fieldcraft.biz
Have you considered preparing a business plan for your web site? The reason
I ask, is because the attitude that "the web-site shall pay for itself and
then some" leads to some alternative solutions to the usual web-based
problems; problems that seem to be rooted in online conventionality...
Use of <div>s leaves frames somewhat redundant.
Eg. www.geoceanis.com
PS. For security reasons, I ban all client-side scripting such as Java, on
my browser and even sell a product that makes it easier for others to do
likewise
(www.fieldcraft.biz/software/browser-security)
Client-side scripting is also used for browser hijacking and many "spyware"
worms are installed this way.
You need to establish trust with your visitors before you can reasonably
expect them to benefit from anything you write that will run client-side.
I''d point out that client-side scripting is less user friendly than frames
because while most browsers in use will negotiate frames adequately, many
users such as myself will not allow any code to run on our systems without a
48-96 hour quarantine and subsequently updated anti-virus scan. In the case
of web-launched code, this is impractical and there is no basis for
establishing security boundaries except to disable all scripts.
The trick is to collaborate with your hosting service to run things
server-side. This guarantees that everyone gets the benefit of your
scripting. I know Perl/CGI, VBScript, &.NET can be run server-side. I am not
so sure about Java. By running things server-side, visitors that don''t know
you are not being asked to risk virus/spyware/worm infection in return for
accessing the bells and whistles of your page.
If you want to hide your source, then server-side executed scripting source
is much more difficult to access than something tucked away in a frame. For
example, where frames are used to obfuscate the base URL (Eg. SPAM
beneficiaries), it is child''s play to trace the base URL through the HTML
source - not a good choice for source protection. On the other hand, some
developers produce an ActiveX.exe file, which is very effective because it
is a pseudo-compiled executable - but I''d wager they''d then wonder why their
site visitors won''t stick around...
Anyway, if you don''t feel like talking to your hosting service, or they
don''t feel like talking to you, find another service. I''ve had good
technical support from:
http://www.spherecomputers.com.au
At the end of the day, a web site is just a document server and there will
never be a secure implementation of the "application servers" Microsoft is
so keen on evangelising, without eliminating the two-way nature of internet
communication. If you find yourself writing executable code, it is worth
asking whether or not you would be better off compiling a downloadable
program that you can supply for free if you wish, or alternatively sell for
a profit. This has the added benefit of allowing visitors to establish
coding trust through quarantine and scanning procedures. In the case of your
website, a VB, VC, or VJ application that updates itself from a data file at
your site would be a breeze to write, in addition to being a marketable
commodity.
--
Timothy Casey GPEMC! >11950 is the nu****@fieldcraft.biz 2email
Terms & conditions apply. See www.fieldcraft.biz/GPEMC
Discover valid interoperable web menus, IE security, TSR Control,
& the most advanced speed reading application @ www.fieldcraft.biz
编号11950 - GPEMC!用11950替换号码写道:
Number 11950 - GPEMC! Replace number with 11950 wrote:
" Kent Feiler" < zz ** @ zzzz.com写了留言
news:qd **************************** **** @ 4ax.com ...
"Kent Feiler" <zz**@zzzz.comwrote in message
news:qd********************************@4ax.com...
客户端脚本也用于浏览器劫持和许多间谍软件
蠕虫以这种方式安装。
Client-side scripting is also used for browser hijacking and many "spyware"
worms are installed this way.
嗯 - 大多数交通死亡都发生在距离家10英里的地方,但我还是
上车开车!为了获得最佳的生活费用,必须采取一些小的风险。浏览器沙箱和安全模型
在大多数情况下提供了非常好的保护,你应该知道你是在狡猾的网站!你必须经常运行你的AV软件运行并定期扫描我同意的间谍软件,但有时浏览网页的美丽意味着你必须拥有客户端脚本
开启。
rgds
Sym。
Hmmm - Most traffic deaths occur within 10 miles of home, yet I still
get in the car and drive! In order to get the best out of life some
small risks have to be taken. The browser sandbox and security model
gives very good protection in most instances an dtypically you should
know you are on a "dodgy" site ! You must always have your AV software
running and give regular sweeps for spyware i agree, but sometimes the
beauty of browsing the web means you HAVE to have client scripting
turned on.
rgds
Sym.
"符号" < sy ***** @ gmail.comwrites:
"Sym" <sy*****@gmail.comwrites:
Number 11950 - GPEMC!用11950替换数字写道:
Number 11950 - GPEMC! Replace number with 11950 wrote:
客户端脚本也用于浏览器劫持和许多间谍软件
蠕虫安装此办法。
Client-side scripting is also used for browser hijacking and many "spyware"
worms are installed this way.
必须承担小风险。浏览器沙箱和安全模型
在大多数情况下提供了非常好的保护,你应该知道你是在狡猾的网站!您必须始终拥有AV软件
small risks have to be taken. The browser sandbox and security model
gives very good protection in most instances an dtypically you should
know you are on a "dodgy" site ! You must always have your AV software
大多数漏洞都是由于沙箱中的编码或设计缺陷或
安全模型(猜测我会说很大一部分现代IE或者Mozilla漏洞都与此有关。如果您在新的安全版本发布的那天总是更新您的
浏览器,那么您可能会更安全,但是这些漏洞中的一些已经在野外被利用了
在任何报告错误的人发现前几天。
此外,还有XSS攻击(或更直接地通过破解Web服务器
托管它,也发生了),一个你认为无害且值得信赖的网站可以被攻击者破坏,包括
有害脚本。最近有一个案例,攻击者
能够将恶意横幅广告插入横幅广告提供商,
然后被添加到跨越多个网站
的互联网被他们的读者所信任,然后他们被感染了。令人讨厌,但是由于默认情况下禁用了脚本,即使对于一般值得信赖的
网站我也避免了任何风险。
-
克里斯
Most exploits are due to coding or design flaws in the sandbox or
security model (at a guess I''d say a significant proportion of modern
IE or Mozilla flaws are related to this). If you always update your
browser the day a new security release comes out you''re probably
safer, but several of these bugs have been exploited in the wild for a
few days before the bug was discovered by anyone who would report it.
Also, with XSS attacks (or more directly by cracking the web server
hosting it, which also happens), a site that you believed to be
harmless and trustworthy can be subverted by an attacker to include
harmful scripts. There was a case fairly recently where an attacker
was able to insert a malicious banner ad into a banner ad provider,
which then got added to a number of sites across the internet that
were trusted by their readers, who then got infected. Nasty, but by
having scripting disabled by default even for generally trustworthy
sites I avoided any risk.
--
Chris
这篇关于Javascript和框架的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
