从 Javascript 访问 SVG 对象时收到未捕获的安全错误 [英] Receive Uncaught SecurityError when accessing SVG objects from Javascript

问题描述

今天我花了一些时间尝试使用 D3(和 jQuery)操作 SVG.我的目标是能够通过 JavaScript 访问/修改本地 SVG.如果它是为 D3 量身定制的并不重要，但那会是额外的积分.

Today I've been spending a bit of time trying to manipulate SVGs with D3 (and jQuery). My goal is being able to access/modify local SVGs through JavaScript. Doesn't matter if it's tailored to D3 but that would be extra points.

似乎适用于其他人的解决方案不适用于我，其中包含以下 JavaScript:

It seems the solution that works for other people isn't working for me, which has the following JavaScript:

window.onload=function() {
    // Get the Object by ID
    var a = document.getElementById("svgObject");
    // Get the SVG document inside the Object tag
    var svgDoc = a.contentDocument;
    // Get one of the SVG items by ID;
    var svgItem = svgDoc.getElementById("svgItem");
    // Set the colour to something else
    svgItem.setAttribute("fill", "lime");
};

使用这个 HTML object

<object id="svgObject" data="img/svgfile.svg" type="image/svg+xml" height="50" width="50"></object>

和单独的SVG文件

<svg height="40px" width="40px" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 800 800">
    <rect id="svgItem" width="800" height="800" fill="red"></rect>
    <circle cx="400" cy="400" r="400" fill="blue"></circle>
</svg>

都在此处找到.它是 中代码的简化版本这个例子.我的 JavaScript 代码如下所示，直接来自我的编辑器:

all found here. It's a simplified version of the code found in this example. My JavaScript code is shown below, straight up out of my editor:

window.onload = function() {
    var checkObject = document.getElementById("checkers"); 
    var checkDoc = checkObject.contentDocument;

    var cheese = checkDoc.getElementById('layer1');
    console.log(cheese);
};

如果它有任何改变，我的脚本会加载到 HTML 正文的底部.下面是我唯一的 HTML 元素.

In case it changes anything, my script is loaded at the bottom of the HTML's body. Below is my only HTML element.

<object data="check.svg" type="image/svg+xml" width="100" id="checkers"></object>

和我的 SVG 文件(只是一个灰色的检查，随意使用).

and my SVG file (just a gray check, feel free to use).

<svg id="svg2" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 100" version="1.1" xmlns:cc="http://creativecommons.org/ns#" xmlns:dc="http://purl.org/dc/elements/1.1/">
    <g id="layer1" transform="translate(0,-952.36217)">
        <path id="rawCheck" fill="#dbdbdb" d="m18.75,1004.5,21.607,21.607,40.893-40.893-7.8571-7.8572-33.036,33.036-13.75-14.107z" stroke-opacity="0"/>
    </g>
</svg>

我的问题来自于在 checkObject 上调用 .contentDocument，应该只是在object 元素，但我搞砸了:

My issue comes from calling .contentDocument on checkObject, which should just be calling .contentDocument on the object element but I get this mess:

未捕获的安全错误:无法从 'HTMLObjectElement' 读取 'contentDocument' 属性:阻止了来源为null"的框架来自访问原点为null"的框架.协议、域和端口必须匹配.

Uncaught SecurityError: Failed to read the 'contentDocument' property from 'HTMLObjectElement': Blocked a frame with origin "null" from accessing a frame with origin "null". Protocols, domains, and ports must match.

除了它都是愤怒的红色.这让我很困惑，因为据我所知，我的代码非常接近工作示例的副本，但我在这里.

Except it was all angry red color. This confused me, because as far as I can see, my code is pretty close to a copy of the working example, yet here I am.

我也尝试了 这个问题的回答并收到以下错误

I have also tried the d3.xml() seen in this question's answer and received the following error

XMLHttpRequest 无法加载file:///home/user/Documents/examples/d3/check.svg.交叉原点请求仅支持 HTTP.

XMLHttpRequest cannot load file:///home/user/Documents/examples/d3/check.svg. Cross origin requests are only supported for HTTP.

以及

未捕获的网络错误:无法在XMLHttpRequest"上执行发送":无法加载file:///home/user/Documents/examples/d3/check.svg"

Uncaught NetworkError: Failed to execute 'send' on 'XMLHttpRequest': Failed to load 'file:///home/user/Documents/examples/d3/check.svg'

如果您想查看有关我的 d3.xml() 尝试的更多详细信息，我很高兴更新此问题，我只是认为已经有很多代码块了.

If you'd like to see more details on my d3.xml() attempt I'm happy to update this question, I just thought there were a lot of code blocks already.

推荐答案

在 Chrome 中，通过文件系统打开页面时，无法通过 JavaScript 访问外部 SVG 的内容(即 URL 具有 file:// 协议).

In Chrome, it is not possible to access an external SVG's contents via JavaScript when the page is opened through the file system (i.e. the URL has the file:// protocol).

要解决此问题，您可以通过本地服务器打开它.或者，您可以禁用同源策略网络安全功能以使用--disable-web-security 命令行参数.Firefox 也没有这个限制，所以也有这个选项.

To get around this, you can open it through a local server. Alternately, you can disable the Same-Origin Policy web security feature for testing using --disable-web-security command line argument. Firefox also does not have this limitation, so there is that option as well.

这篇关于从 Javascript 访问 SVG 对象时收到未捕获的安全错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！