< object>适用于除谷歌浏览器以外的所有浏览器 [英] <object> works in every browser except Google Chrome
问题描述
我将数据加载到<对象>使用Javascript.它拒绝在Chrome中运行,也没有错误消息.
I have a problem with loading data into an < object > using Javascript. It refuses to work in Chrome, no error message either.
您可以在此处看到一个最小的示例: http://tinkerbin.com/HIqG0ypb
You can see a minimal example to play with here: http://tinkerbin.com/HIqG0ypb
推荐答案
对于我来说奇怪的是,浏览器认为object.data可以设置为 URI ,但显示该URL上的内容.听起来像一个安全漏洞:可以在不使用框架的情况下将全部内容注入页面.我不知道您的示例中的test.com是否可以访问window.parent或类似的东西
It is strange to me that browsers assume object.data could be set as URI but display content available at that URI. It sounds like a security flaw : full content could be injected into a page without using frame. I wonder if test.com in your example has access to window.parent or something like that
所以
<script type="text/javascript">
function openFrame() {
document.getElementById('testFrame').data="http://test.com";
}
</script>
必须将Chrome编写为:
Must be written for Chrome as :
<script type="text/javascript">
function openFrame() {
document.getElementById('testFrame').data="http://test.com";
var el = document.getElementById("testFrame");
var h = el.innerHTML;
el.innerHTML = h;
}
</script>
其中testFrame是:
where testFrame is :
<object id="testFrame" type="text/html" style="overflow-x: hidden; width: 100%; height: 100%" />
这篇关于< object>适用于除谷歌浏览器以外的所有浏览器的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
