为什么不能设置其父母的location.hash？ [英] Why can't an iframe set its parent's location.hash?

问题描述

我有一个包含iframe的窗口，包含一个iframe，如下所示：

  + ------- -------- + 
 |顶部| 
 | + ----------- + | 
 | |中间| | 
 | | + ------- + | | 
 | | |内部| | | 
 | | + ------- + | | 
 | + ----------- + | 
 + --------------- + 
  

Top和Middle在同一个域上，但Inner在不同的域上。我需要Inner来与Top沟通。我知道做IE7（我需要支持）支持的唯一方法就是改变窗口位置的散列。不过，我不希望信息在地址栏闪烁，所以我介绍了中间的iframe。

我想Inner改变Middle的散列。中间会读取它的哈希值，并通知Top，它有权直接与之通话。

然而，在Firefox 3中，我一直无法写入内部的中间散列。没有错误发生，但哈希似乎没有改变。写入它的 location.href 会引发一个权限错误。

Top可以写入Middle的hash，可以写入Inner的散列，Top可以写入Inner的散列，Inner和Middle都可以写入Top的散列，所以只有有序对不起作用是我想要的！ （我一直在这个工作一段时间）。

我已经在最小的测试案例中转载了这个。起初，我服务于同一个域名的所有三个页面。当我把内在不同的领域，我得到了问题的行为。当我把第二个域放在中间时，每个人都可以再次给所有人写信。

为什么不能Inner写入中间的散列？

---

附录：许多人认为由于同源政策，这是不可能的。这正是我想要解决的政策。这个确切的案例 - 设置（但不读取）另一个窗口的位置 - 应该是跨域可能的。我还没有找到这种效果的浏览器文档，但我发现了很多文章和演示。这本质上是HTML 5的前身 postMessage（）。

Ref：

<$ p $

attr（'src'，http：//< CHILD URL> /＃hello）; <> $（＃iframeWindow


子iframe可以使用以下设置父窗口的href（地址栏内容）：

  window.top.location.href =http：//< PARENT URL> /＃hello
  

在父母和/或孩子中，您需要轮询更改，

  var last =; 
 setInterval（function（）{
 if（last == window.location.href）return; 
 last = window.location.href; 
 
 // do东西与'window.location.hash'
}，1000）; 
  

请注意，如果您可以的话，这将是很好的

  window.top.location.href = window.top.location.href +#hello
  

但不允许读取位置对象（href和hash）11月3日在chrome上测试

7/9，firefox 3.6 / 4

编辑1：如果有人愿意的话可以放演示试试

edit2 ： http://dl.dropboxusercontent.com/u/14376395/html/xdomain。 html ：）

edit3：注意：如果您使用这种方法，请确保您拥有所有iframe页面的控制权，否则可能会导致恶意的第三方网站可以使用散列标签控制你的用户

edit4：更好的解决方案 http://ternarylabs.com/2011/03/27/secure-cross-domain-iframe-communication/ 目前正在被Google JavaScript API使用

edit5：dropbox域名更改为'dl.dropboxusercontent.com'

I have a window containing an iframe, containing an iframe, like so:

+---------------+
|      Top      |
| +-----------+ |
| |   Middle  | |
| | +-------+ | |
| | | Inner | | |
| | +-------+ | |
| +-----------+ |
+---------------+

Top and Middle are on the same domain, but Inner is on a different domain. I need Inner to communicate with Top. The only way I know of to do this which is supported in IE7 (which I need to support) is to change the hash of the window's location. However, I don't want the information to be flickering in the location bar, so I've introduced the Middle iframe.

I want Inner to change Middle's hash. Middle will read its hash and inform Top, whom it has permission to speak to directly.

However, in Firefox 3, I've been unable to write to Middle's hash from Inner. No error is raised, but the hash appears unchanged. Writing to its location.href raises a permissions error.

Top can write to Middle's hash, however, and Middle can write to Inner's hash, and Top can write to Inner's hash, and Inner and Middle can both write to Top's hash, so the only ordered pair that doesn't work is the one I want! (I've been working on this for a while.)

I've reproduced this in a minimal test case. At first, I served all three pages from the same domain. When I put Inner on a different domain, I get the problematic behavior. When I put Middle on the second domain, everyone can write to everyone again.

Why can't Inner write to Middle's hash?

---

Addendum: Many people have suggested that this shouldn't be possible because of the same-origin policy. This is exactly the policy I am trying to get around. This exact case--setting (but not reading) another window's location--is supposed to be possible across domains. I haven't found browser documentation to this effect, but I have found many articles and demos. This is essentially the precursor to HTML 5's postMessage().

Ref: http://softwareas.com/cross-domain-communication-with-iframes

解决方案

Parent frames can set children's iframe 'src' attribute (here with jquery) using:

$("#iframeWindow").attr('src', "http://<CHILD URL>/#hello");

Children iframes can set parent window's href (address bar content) using:

window.top.location.href = "http://<PARENT URL>/#hello"

and in the parent and/or child, you need to poll for changes,

var last = "";
setInterval(function() {
    if(last == window.location.href) return;
    last = window.location.href;

    //do stuff with 'window.location.hash'
}, 1000);

note, it would be nice if you could

window.top.location.href = window.top.location.href + "#hello"

but reading of location object (href and hash) is not allowed

tested on 3rd Nov 11, on chrome, ie6/7/9, firefox 3.6/4

edit1: can put a demo live if people would like

edit2: http://dl.dropboxusercontent.com/u/14376395/html/xdomain.html :)

edit3: beware: if you're using this method, make sure you have control over all iframe'd pages otherwise nefarious 3rd party sites could potentially control yours using hash tags

edit4: better solution http://ternarylabs.com/2011/03/27/secure-cross-domain-iframe-communication/ currently being used by the Google JavaScript API

edit5: dropbox domain name changed to 'dl.dropboxusercontent.com'

这篇关于为什么不能设置其父母的location.hash？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！