仅在本地编辑跨域Iframe内容 [英] Edit cross-domain Iframe content Locally Only

问题描述

我们许多人都知道，由于

我只需添加 zoom：2;到＃video21588864 iframe图上

如果这不可能100％，为什么我可以在检查器窗口中成功完成此操作，但不能自动完成？

解决方案

没有真正的零本地自动方法来使用Javascript或其他方法吗？ < iframe> 以跨源方式进行。如果响应中包含CORS标头，您也许可以。

为什么我可以在Inspector窗口中成功完成

开发人员工具与您的文档是分开的。它可以执行网页中普通JavaScript无法完成的更多工作。

理性

有这就是为什么您无法访问iframe中的内容的原因。考虑到这一点，用户已登录其银行网页。令牌存储在Cookie中，以证明用户已登录。

现在，您在网页中加入了iframe并加载了银行的网页。由于Cookie包含有效令牌，因此iframe将显示用户已登录。

如果您可以访问iframe并发送自己，那不是很好吗一些钱？好吧，这就是为什么不允许它， 100％不可能，因为浏览器已正确实现。

附录

在您看到本地提到一词之后，我决定添加此部分。现在，我不知道您到底想做什么，但是如果您具有较高的特权，则可以在iframe中操纵内容，包括：

• 用户脚本


• 具有适当权限的扩展


• 开发人员工具


• 浏览器本身

如果您只想将 zoom：2 添加到来自在您自己的计算机上使用ESPN，我建议创建用户脚本，其中包含

  // == UserScript == 
 // @match http://www.espn.com/core/video/iframe* 
 // == / UserScript == 
 
 document.querySelector（ figure） .style.zoom = 2; 
  

另存为 myscript.user.js 。打开chrome：// extensions，然后将该文件拖到页面上。该用户脚本将具有更高的特权，并且可以访问该页面。

As many of us know there is no way to edit a Cross Domain IFrame due to the Same Origin Policy.

Is there a way around this if we use the Stylish extension etc. locally only?

Take this video being launched inside an iframe for example:

I need to simply add "zoom:2;" onto "#video21588864 iframe figure"

If this is 100% not possible, why am I able to do it successfully in the Inspector window, but not automatically? Is there really ZERO automatic local ways around this using Javascript or something?

解决方案

There is no way you can access the content inside the <iframe> in a cross-origin fashion. You might be able to if the response includes a CORS header.

Why am I able to do it successfully in the Inspector window

The developer tools is separate from your document. It can do much more things that you cannot possibly do with normal JavaScript in a webpage.

Rationale

There is a reason why you cannot access the content inside an iframe. Consider this, a user was logged into their bank webpage. A token is stored in a cookie to prove that the user is logged in.

Now you include an iframe in your webpage and loads the bank's webpage. Since the cookie contains a valid token, the iframe will show that the user has been logged in.

Wouldn't it be great if you can access the iframe and send yourself some money? Well, this is exactly why it's not allowed, 100% not possible, given that the browser is implemented correctly.

Addendum

I have decided to add this part after seeing that you have mentioned the word locally. Now, I do not know exactly what you are trying to do, but it is possible to manipulate the content inside the iframe if you have an elevated privilege, including:

• a userscript
• an extension with proper permissions acquired
• developer tools
• the browser itself

If you merely want to add zoom: 2 to videos from ESPN on your own computer, I would suggest creating a userscript which has a much higher privilege than a normal webpage and much easier to make than an extension.

// ==UserScript==
// @match http://www.espn.com/core/video/iframe*
// ==/UserScript==

document.querySelector("figure").style.zoom = 2;

Save that as myscript.user.js. Open up chrome://extensions and drag that file onto the page. The userscript will have a higher privilege and can access the page.

这篇关于仅在本地编辑跨域Iframe内容的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！