如何以编程方式从iframe中删除沙箱属性 [英] How to programatically remove sandbox attribute from an iframe with javascript

问题描述

我认为这是不可能的，但是，我发现了这句话:

>强烈建议不要同时使用allow-scripts和allow-同时具有相同来源，因为它允许嵌入式文档以编程方式删除沙箱属性."

我的iframe需要具有一个沙箱，但是仅当我在某些URL中浏览时，嵌入式浏览上下文才会尝试将内容导航(加载)到顶级浏览上下文(跳出框架...)

在其他页面上，需要完全删除沙箱，因为它不允许我浏览其他来源的站点...

尝试导航的框架是沙盒，因此不允许对其祖先进行导航.

以编程方式更改沙箱:

  document.getElementById("frame").sandbox ="; 

...不起作用，因为这仍然存在限制...因此，我需要以某种方式完全删除该属性，我将如何去做呢?

解决方案

这些标志仅在嵌套嵌套浏览上下文时才生效.iframe已导航.删除它们，或删除整个沙箱属性，对已加载的页面无效.

更多信息-"It is strongly discouraged to use both allow-scripts and allow-same-origin at the same time, as that allows the embedded document to programmatically remove the sandbox attribute."

My iframe needs to have a sandbox, but only when I am browsing in certain URLs where the embedded browsing context tries to navigate (load) content to the top-level browsing context (Jump out of frame...)

On other pages the sandbox needs to be removed entirely, as it wont allow me to browse away from a site with a different origin...

The frame attempting navigation is sandboxed, and is therefore disallowed from navigating its ancestors.

Programatically changing the sandbox with :

document.getElementById("frame").sandbox = "";

...doesnt work either as this still places restrictions... Therefore, i need to somehow remove the attribute entirely, how would i go about doing this?

解决方案

These flags only take effect when the nested browsing context of the iframe is navigated. Removing them, or removing the entire sandbox attribute, has no effect on an already-loaded page.

More info - Here

这篇关于如何以编程方式从iframe中删除沙箱属性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！