跨站点脚本 Iframe 权限被拒绝问题 [英] Cross Site Scripting Iframe Permission Denied issue
问题描述
我在以下代码中遇到跨站点脚本错误.
I am getting Cross Site Scripting error on the following code.
Javascript
function resizeIframe(ifRef)
{
var ifDoc;
//alert(ifRef);
try
{
ifDoc = ifRef.contentWindow.document.documentElement;
}
catch( e )
{
alert(e);
try
{
ifDoc = ifRef.contentDocument.documentElement;
}
catch( ee ){
alert(ee);
}
}
//var doc = ifRef.height;
//alert(doc);
if(ifDoc)
{
ifRef.height = 1;
ifRef.style.height = ifDoc.scrollHeight+'px';
}
}
iframe
<iframe onload="resizeIframe(this)" style="margin-bottom: 16px;" src="ourteamnav/first.php" frameborder="0" scrolling="no" width="597" height="240"></iframe>
错误如下
对于e":
Mozilla Firefox:错误:访问属性文档"的权限被拒绝
Mozilla Firefox : Error: Permission denied to access property 'document'
谷歌浏览器:TypeError:无法读取未定义的属性documentElement"
Internet Explorer:类型错误:权限被拒绝
Internet Explorer : TypeError: Permission denied
对于ee":
Mozilla Firefox:错误:访问属性documentElement"的权限被拒绝
Mozilla Firefox : Error: Permission denied to access property 'documentElement'
谷歌浏览器:TypeError:无法读取 null 的属性documentElement"
Internet Explorer:错误:访问被拒绝.
Internet Explorer : Error: Access is denied.
我认为它不能以一般方式解决,因为它正在发生,因为域指向另一个域.因此,有人会指导我在不使用 Javascript contentDocument.documentElement
或 contentWindow.document.documentElement
的这些属性的情况下解决它,以根据其内部内容动态调整 Iframe 内容的大小.
I think it can not be solved in general way as it s happening because of domain is pointing another domain. So will anyone guide me to solve it without using these property of Javascript contentDocument.documentElement
or contentWindow.document.documentElement
for re-sizing the Iframe Content dynamically according to its inner Content.
谢谢
推荐答案
除了 Christophe 的回答,我想指出(遗憾的是)postMessage
不适用于所有浏览器.
In addition to the answer of Christophe, I wanted to point out (sadly) postMessage
doesn't work on all browsers.
幸运的是,Josh Fraser 已经提供了window.postMessage() 的向后兼容版本.它检查浏览器是否支持 postMessage
方法.如果是,它会使用它.如果没有,它会使用 URL(来自 iframe 和父级)来传递数据.
Luckily, Josh Fraser already provided a backwards compatible version of window.postMessage(). It checks if the browser supports the postMessage
-method. If it does, it uses that. If not, it uses the URL (both from the iframe and the parent) to pass along data.
现在您可以使用以下方法让两个窗口相互交谈":
Now you can use the following methods to let both windows "talk" to eachother:
XD.postMessage(msg, src, frames[0]);
XD.receiveMessage(function(message){
window.alert(message.data + " received on "+window.location.host);
}, 'URL');
请确保您正确阅读文档,因为必须正确设置配置.
Just make sure you read the documentation properly, since the configuration has to be set just right.
这篇关于跨站点脚本 Iframe 权限被拒绝问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!