Firefox的沙箱iframe的位置改变时,不应该 [英] firefox sandbox iframe location changing when it shouldn't
问题描述
< iframe sandbox =使用html5沙盒iframe时我想让iframe无法更改其位置: allow-forms allow-popups allow-pointer-lock allow-same-origin allow-scriptsclass =iframe visiblesrc =thesource.htmlwidth =100%scrolling =autoframeborder =0 >< / iframe中>
它在Chrome中效果很好,但是在Firefox中,沙箱化的iframe仍然可以重定向。
这是一个已知错误,但是如何修补它以便所有Firefox用户将不会被重定向?
示例:
有额外的限制:
< iframe src =demo_iframe_sandbox.htmsandbox =>< / iframe>
在Internet Explorer 10,Firefox,Chrome和Safari中支持sandbox属性。
$ b
注意:Internet Explorer 9和更早版本或Opera中不支持sandbox属性。
定义和用法
如果指定为空字符串(sandbox =),则sandbox属性会为内联框架中的内容启用一组额外限制。
sandbox属性的值可以是空字符串(应用所有限制),也可以是空格分隔的预定义值列表,这些值将删除特定限制。
HTML 4.01和HTML5之间的差异
sandbox属性在HTML5中是新增的。
语法
< iframe sandbox = 值 >
属性值
- =>应用下面的所有限制 允许iframe内容被视为来自与包含文档相同的来源
- allow-top-navigation =>允许iframe内容从包含的文档中导航(加载)内容
- allow-forms =>允许表单提交 >
- allow-scripts =>允许执行脚本
$ b javascript:是一种奇怪的URI协议。它在一些上下文中工作,但不是全部 - 例如,窗口的位置不能被设置为这样的URI。 (虽然你可以指定一个javascript:URI window.location作为一个非常迂回的方式来运行一个脚本,窗口的位置不会保持设置为该值。)
要将内容写入IFRAME,请获取对帧的文档的引用并写入。这样做会要求你设置allow-same-origin沙箱标志。
< iframe id =myframesandbox = allow-scripts allow-same-originsrc =about:blank>< / iframe>
< ;脚本>
var frame = document.getElementById(myframe);
var fdoc = frame.contentDocument;
fdoc.write(Hello world); //或任何
< / script>
现场示例 http://jsfiddle.net/wUvrF/1/ When using html5 sandbox iframe I want the iframe to not be able to change its location:
<iframe sandbox="allow-forms allow-popups allow-pointer-lock allow-same-origin allow-scripts" class="iframe visible" src="thesource.html" width="100%" scrolling="auto" frameborder="0"></iframe>
It works great in Chrome but in Firefox an sandboxed iframe can still redirect.
it's a known bug but how can I patch it so that all Firefox users won't be redirected?
Example:
An with extra restrictions:
<iframe src="demo_iframe_sandbox.htm" sandbox=""></iframe>
the sandbox attribute is supported in Internet Explorer 10, Firefox, Chrome, and Safari.
Note: The sandbox attribute is not supported in Internet Explorer 9 and earlier versions, or in Opera.
Definition and Usage
If specified as an empty string (sandbox=""), the sandbox attribute enables a set of extra restrictions for the content in the inline frame.
The value of the sandbox attribute can either be an empty string (all the restrictions is applied), or a space-separated list of pre-defined values that will REMOVE particular restrictions.
Differences Between HTML 4.01 and HTML5
The sandbox attribute is new in HTML5.
Syntax
<iframe sandbox="value">
Attribute Values
- "" => Applies all restrictions below
- allow-same-origin => Allows the iframe content to be treated as being from the same origin as the containing document
- allow-top-navigation => Allows the iframe content to navigate (load) content from the containing document
- allow-forms => Allows form submission
- allow-scripts => Allows script execution
javascript: is a kind of weird URI protocol. It works in some contexts, like , but not all - for instance, a window's location can not be set to such a URI. (While you can assign a javascript: URI to window.location as a really roundabout way of running a script, the window's location doesn't stay set to that value.)
To write content into an IFRAME, get a reference to the frame's document and write to it. Doing so will require that you set the allow-same-origin sandbox flag.
<iframe id="myframe" sandbox="allow-scripts allow-same-origin" src="about:blank"></iframe>
<script>
var frame = document.getElementById("myframe");
var fdoc = frame.contentDocument;
fdoc.write("Hello world"); // or whatever
</script>
Live example: http://jsfiddle.net/wUvrF/1/
这篇关于Firefox的沙箱iframe的位置改变时,不应该的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
