防止子iframe“跳出框架" [英] Preventing child iframe from "breaking out of frame"

问题描述

我正在做一些简单的网络集成工作，我通过使用 iframe 来完成.我的主窗口有一些 javascript，它与我的服务器交互以将 iframe 重定向到所需的 URL.遗憾的是，其中一个目标页面包含以下代码:

I'm doing some simple web integration work which I'm accomplishing through use of an iframe. My main window has some javascript which interacts with my server to redirect the iframe to the required URL. One of the target pages sadly has the following piece of code inside:

if (top.location != location) {
    top.location.href = document.location.href ;
}

脚本因跨站点脚本限制而终止，并阻止该页面正确呈现.我无法修改该页面的来源(我正在与之集成的第 3 方).

The script dies because of cross-site-cripting restrictions and prevents that page from rendering properly. I can't modify the source of that page (3rd party I'm integrating with).

我该如何解决这个问题?

How could I work around this?

谢谢

推荐答案

这是我的第一篇文章，所以如果它不起作用，请不要批评我，但此修复程序在 IE 中似乎对我有用.将 security="restricted" 添加到您的框架中.

This is my first post so don't trash me if it doesn't work, but this fix seems to work for me in IE. Add security="restricted" to your frame.

示例:

<iframe id="frame_id" name="frame_name" security="restricted" src="page.html">  
</iframe>

我找到了更好的解决方案.这不会阻止脚本，也不需要 javascript.尝试使用 sandbox="..."

I found a better solution. That doesn't block scripts and doesn't require javascript. Try using sandbox="..."

• allow-forms 允许表单提交
• allow-popups 允许弹出窗口
• allow-pointer-lock 允许指针锁定
• allow-same-origin 允许文档保持其来源
• allow-scripts 允许 JavaScript 执行，还允许功能自动触发
• allow-top-navigation 允许文档通过导航顶层窗口跳出框架

顶部导航是您想要阻止的，所以忽略它，它将不被允许.任何遗漏将被阻止

例如.

<iframe sandbox="allow-same-origin allow-scripts allow-popups allow-forms" src="http://www.example.com"></iframe>

这篇关于防止子iframe“跳出框架"的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！