在javascript postmessage到本地磁盘上的父级HTML iframe [英] On javascript postmessage to parent HTML iframe that is on local disk

问题描述

我正在处理一个涉及在iframe中托管网页的项目，而托管父级iframe则位于本地磁盘上的HTML文件中，例如c：\;而内部托管的iframe是在一些服务器上。这两个网页需要做postmessage彼此。

没有问题的父iframe（本地磁盘上）postmessage到内部框架，因为它知道内部iframe的域;

但是当内部iframe需要postmessage回到父iframe时，它需要提供本地磁盘上的父iframe的域。

我在内部HTML中尝试了以下方法来postmessage到其父IFrame，它位于本地磁盘上：

  * var messageToSend = {
 jsonrpc：2.0，
 result：[result] 
}; 
 window.parent.postMessage（JSON.stringify（messageToSend），file：//）; * 
  

// window.parent IFrame是位于本地磁盘上的HTML文件

但是当我尝试使用file：作为postmessage中的域到父iframe，我得到一个无效的参数的错误。

有人可以帮助吗？ 本地磁盘html的域名应该是什么？任何提示将不胜感激。

干杯

解决方案

不知道如何指定文件，我猜这是没有办法的，因为这没有多大意义。源的目的是为了防止其他人（大概是恶意的）看到你的消息，但是如果源头只是硬盘上的任何文件，任何人都可以通过创建带有框架的html文件并从你的网页加载你的网页来看到它你的服务器。因此，指定文件（即使有一种方法）没有比指定*更安全，所以只需使用*，并保存头痛。

I am working on a project that involves hosting a webpage in a iframe, while the hosting parent iframe is in a HTML file on local disk, say on c:\; while the inner hosted iframe is on some server. The two webpages need to do postmessage to each other.

There is no problem for the parent iframe (on local disk) to postmessage to the inner frame, since it knows the domain of the inner iframe;

But when the inner iframe need to postmessage back to the parent iframe, it need to provide the domain of the parent iframe which is on local disk.

I tried the following in the inner HTML to postmessage to its parent IFrame, which is on local disk:

*var messageToSend = {
                        jsonrpc: "2.0",
                        result: [result]
                    };
window.parent.postMessage(JSON.stringify(messageToSend), "file://");*

// window.parent IFrame is a HTML file that is on Local disk

But when I try using "file:" as the domain in postmessage back to the parent iframe, I am getting a "Invalid argument" error.

Can some one help? What should the domain of "local disk html" be? Any hints will be highly appreciated.

Cheers

解决方案

I don't know how to specify "file", I'm guessing there is no way because it doesn't make much sense. The purpose of the origin is to prevent others (presumably malicious) pages from seeing your message, but if the origin is just any file on the hard disk, anyone could see it by creating an html file with a frame and loading your web page from your server. So specifying "file" (even if there were a way) is no more secure than specifying " * ", so just use " * " and save yourself the headache.

这篇关于在javascript postmessage到本地磁盘上的父级HTML iframe的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！