不安全的 JavaScript 尝试访问 Google Chrome 中的框架 [英] Unsafe JavaScript attempt to access frame in Google Chrome

问题描述

我们的网络应用程序(基于 HTML5、SVG 和 JS)在除 Google Chrome 之外的所有浏览器中都运行良好.

Our web application (based on HTML5, SVG & JS) runs fine in all the browsers except Google Chrome.

在谷歌浏览器中，正常的 javascript 事件运行良好，但是，附加到 iFrame 的所有 javascript 事件都没有执行.我们在控制台中得到错误:

In Google Chrome, the normal javascript events run fine, however, all the javascript events attached to the iFrame are not executed. We get the error in the console:

Unsafe JavaScript attempt to access frame

目前，该应用程序在本地托管，并且在内部测试期间出现了此问题.

At the moment, the application is locally hosted and this problem cropped up during inhouse testing.

谷歌搜索这会带来很多帖子，但没有人提出任何具体的解决方案.有什么建议吗?

Googling this brings up lots of posts but none suggests any concrete solution. Any suggestions?

推荐答案

作为一项额外的安全措施，Chrome 将每个文件"路径视为自己的来源，而不是将整个文件"方案视为单一来源(这是其他浏览器做什么).此行为仅适用于文件"网址，您可以通过在启动时传递 --allow-file-access-from-files 开关来强制 Chrome 恢复到单个本地来源(与其他浏览器一样).

As an additional security measure, Chrome treats every "file" path as its own origin rather than treating the entire "file" scheme as a single origin (which is what other browsers do). This behavior applies only to "file" URLs and you can force Chrome to revert to a single local origin (like other browsers) by passing the --allow-file-access-from-files switch at startup.

您可以在此处找到有关与本地来源相关的风险的更多信息:http://blog.chromium.org/2008/12/security-in-depth-local-web-pages.html

You can find more information on the risks associated with local origins described here: http://blog.chromium.org/2008/12/security-in-depth-local-web-pages.html

这篇关于不安全的 JavaScript 尝试访问 Google Chrome 中的框架的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！