Youtube 嵌入:不安全的 JavaScript 尝试访问框架 [英] Youtube embed: Unsafe JavaScript attempt to access frame
问题描述
我们有一个 Wicket 应用,其页面包含嵌入的 Youtube 视频.视频嵌入和播放正常,但显然它导致页面的其余部分无法呈现 - 似乎 嵌入之后的 DOM 元素根本没有显示在页面上,尽管在标记.
We have a Wicket app with a page that includes an embedded Youtube video. The video embeds and plays fine, but apparently it causes the rest of the page to not render- it seems that the DOM elements coming after the embed simply don't show up on the page, despite being in the markup.
查看 Chrome 中的错误控制台显示:
Looking at the error console in Chrome reveals:
不安全的 JavaScript 尝试访问带有 URL 的框架http://example.com/detail/COMMUNICATION/search/com-sonyericsson-花梨来自带有 URL 的框架http://www.youtube.com/embed/eJY7_De5opI?enablejsapi=1&autohide=1&showinfo=1.域、协议和端口必须匹配.
Unsafe JavaScript attempt to access frame with URL http://example.com/detail/COMMUNICATION/search/com-sonyericsson-hanashi from frame with URL http://www.youtube.com/embed/eJY7_De5opI?enablejsapi=1&autohide=1&showinfo=1. Domains, protocols and ports must match.
我在谷歌上搜索了很多,人们似乎在说它是无害的 并忽略它.这似乎是错误的,在我们的例子中它实际上打破了页面.
I've googled this a fair amount, and people seem to be saying that it's innocuous and to ignore it. That just seems wrong, and in our case it actually breaks the page.
如果我们更改我们的应用程序,以便通过 ajax 回调(用户单击 Wicket AjaxLink)动态嵌入视频,我们仍然会在控制台中收到错误消息,但至少页面可以完全呈现.不幸的是,这对我们不起作用,因为我们需要在用户第一次点击页面时默认加载视频.
If we change our app so that the video is embedded dynamically via an ajax callback (user clicks a Wicket AjaxLink) we still get the error in the console, but at least the page renders fully. Unfortunately this won't work for us, as we need the video to be loaded by default when the user first hits the page.
编辑:我应该补充一点,虽然错误消息是从 Chrome 控制台获取的,但该错误似乎影响了我尝试过的每个浏览器:Chrome、Safari 和 Firefox.
Edit: I should add that although the error message was taken from the Chrome console, the bug seems to affect every browser I've tried: Chrome, Safari and Firefox.
推荐答案
安全错误不太可能破坏您的页面.错误似乎发生在 YouTube 框架内,这意味着在最坏的情况下,框架的内容会被弄乱.
The security error is unlikely to break your page. It looks like the error is happening from within the YouTube frame, which means that in the worst case the content of the frame will be messed up.
来自外部页面的框架/iframe 在任何情况下都不能影响父文档的内容,除非它们来自相同的域和端口号.这是浏览器安全的硬性规则之一.
A frame/iframe from an external page cannot, under any circumstances effect the content of the parent document unless they are from the same domain and port number. It is one of the hard rules of browser security.
错误必须在您的标记中的其他地方.有机会看到一些示例标记吗?
The error must be elsewhere in your markup. Any chance of seeing some example markup?
错误也可能出现在嵌入代码标记中.或者,如果任何脚本标签直接包含在页面上(而不是 iframe 中),它可能就在那里.
The error could also be in the embed code markup. Or, if any script tags are included directly on the page (not in the iframe) it could be there.
通常发生这样的问题是因为某个地方有一个未关闭的标签,但也可能是 Javascript.
Usually when problems like this happens it is because of an unclosed tag somewhere but it could be Javascript as well.
这篇关于Youtube 嵌入:不安全的 JavaScript 尝试访问框架的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
