通过iframe脚本加载器避免全局污染? [英] Avoiding pollution of globals via iframe script loader?
问题描述
问题...
缺少编码的脚本需要包含在网页中。
这些脚本通过执行以下操作来污染全局作用域:
Object
和 Array
)及其原型
解决方案?
我想包括脚本没有不良副作用。我认为这可以通过在iframe中加载脚本并将对象导出为父窗口的属性来实现。以下是我到目前为止的内容:
< script>
(function(){
var g = this,frameIndex = frames.length,f = document.createElement('iframe');
// hide它是这样的,而不是display:none,因为一些旧的浏览器忽略了
// iframes与display:none,或者这是一个古老的习惯,我可以放弃?
f.style.width ='0px'; f.style.height ='0px';
f.style.border ='none'; f.style.position ='absolute';
//将其追加到document.body或document.documentElement?
// documentElement似乎在body被加载之前工作,
//但它是跨浏览器安全的吗?
document.body.appendChild(f);
// iframe的窗口对象
var w = frames [frameIndex];
//当脚本加载时,回调函数将对象拉入当前窗口
w.cb = function(){g.SomeObject = w.SomeObject};
//这会在IE上运行,还是我需要使用document.createElement?
//通缉在这种情况下避免document.createElement,因为我是不确定
//是否从window.document或frames调用它[frameIndex] .document
w.document.innerHTML ='< script onload =cb()src =myscript.js >< \ /脚本>';
}());
< / script>
问题:
-
如果脚本修改了内置原型并将其移至另一个窗口,或者我的父窗口的内置插件保持干净,将只是工作?
-
这个想法是在'最''浏览器上工作,还是有一个显示限制器?到目前为止,除了chrome和moz以外,还没有测试任何东西。
我想在将对象拉入当前窗口后删除iframe,但是moz如果iframe被移除,将会丢失对象引用。有没有人知道解决这个问题的方法? 这个问题已经完成了,还是有更好的方法来实现我的目标?如果是这样,我应该寻找的脚本或技术的名称是什么?
a href =https://stackoverflow.com/questions/3828423/haxe-for-javascript-without-global-namespace-pollution>这里)
- 将所有外部代码封装到一个类中 / li>
- 在调用乱码之前,使所有未声明的该类的标识符成员
- ,创建内置类的副本并以不同的方式命名它们<
(这是可能的吗?)。
我认为这应该解决所有问题。
>使用我的建议,您的示例
var badA =hahaha;
this.badB =hehehe;
badC =hohoho;
String.prototype.star = function(){return'***'+ this +'***'}
var somethingUseful = {
doStuff :function(){
alert((badA + badB + badC).star());
$ / code $ / pre
应该像这样
//标识为原型添加的属性(即字符串和函数)
//用于稍后过滤,如果您需要for-in循环。
var stringAddons = [];
var functionAddons = []
var _string = new String();
var _function = function(){};
(_string中的var属性){if(!_string.hasOwnProperty(property)){stringAddons.push(property); }}
(_function中的var属性){if(!_function.hasOwnProperty(property)){functionAddons.push(property); }}
//包装未声明的标识符
var global = function()
{
this.badA =hahaha;
this.badB =hehehe;
this.badC =hohoho;
String.prototype.star = function(){return'***'+ this +'***'}
this.somethingUseful = {
doStuff:function(){
alert((global.badA + global.badB + global.badC).star());
}
}
}
var global = new Global();
global.somethingUseful.doStuff();
棘手的部分是使所有未声明的标识符全局属性。
也许一个好的正则表达式脚本可以做到这一点。林不正确的正则表达式:)
Problem...
Poorly-coded scripts exist which need to be included on a web page.
These scripts pollute the global scope by doing things like:
- Assigning values to undeclared identifiers
- Adding properties to built-in constructor functions (like
Object
and Array
) and their prototypes
- Other nasty stuff.
Solution?
I want to include the scripts without the adverse side effects. I think it can be achieved by loading the script in an iframe and exporting objects as properties of the parent window. Here's what Ive got so far:
<script>
(function(){
var g=this, frameIndex=frames.length, f=document.createElement('iframe');
// hide it like this instead of display:none, because some old browser ignores
// iframes with display:none, or is this an ancient habit I can drop?
f.style.width='0px'; f.style.height='0px';
f.style.border='none'; f.style.position='absolute';
// append it to document.body or document.documentElement?
// documentElement seems to work before body is loaded,
// but is it cross-browser safe?
document.body.appendChild(f);
// window object for our iframe
var w=frames[frameIndex];
// callback function pulls the object into the current window when script loads
w.cb=function(){ g.SomeObject=w.SomeObject };
// will this work on IE, or do I need to use document.createElement?
// wanted to avoid document.createElement in this case because I'm not sure
// whether to call it from window.document or frames[frameIndex].document
w.document.innerHTML='<script onload="cb()" src="myscript.js"><\/script>';
}());
</script>
Questions:
Will there be potential havoc if a script modifies built-in prototypes and I move it into another window, or will my parent window's built-ins stay clean and everything will "just work?"
Is this idea going to work on 'most' browsers, or is there a show-stopper? Haven't tested on anything besides chrome and moz so far.
I'd like to remove the iframe after pulling the object into the current window, but moz will lose the object reference if the iframe is removed. Does anyone know of a way around that?
Has this already been done, or is there a better way to accomplish my goal? If so, what's the name of the script or technique I should to be looking for?
(question transplanted from here)
解决方案 This could be a possible solution:
- wrap all the foreign code into a class
- make all the undeclared identifiers members of that class
- before invoking the messy code, make a copy of the built-in classes and name them differently
(is this possible??).
I think this should solve all the problems.
With my suggestion, your sample
var badA = "hahaha";
this.badB = "hehehe";
badC = "hohoho";
String.prototype.star = function(){ return '***' + this + '***' }
var somethingUseful = {
doStuff: function () {
alert((badA + badB + badC).star());
}
}
should get like this
// Identifies the added properties to prototypes (ie String and Function)
// for later filtering if you need a for-in loop.
var stringAddons = [];
var functionAddons = []
var _string = new String();
var _function = function() {};
for (var property in _string) { if (!_string.hasOwnProperty(property)) { stringAddons.push(property); }}
for (var property in _function) { if (!_function.hasOwnProperty(property)) { functionAddons.push(property); }}
// Wraps the undeclared identifiers
var global = function()
{
this.badA = "hahaha";
this.badB = "hehehe";
this.badC = "hohoho";
String.prototype.star = function(){ return '***' + this + '***' }
this.somethingUseful = {
doStuff: function () {
alert((global.badA + global.badB + global.badC).star());
}
}
}
var global = new Global();
global.somethingUseful.doStuff();
The tricky part is making ALL the undeclared identifiers global properties.
Maybe a good regex script could make it. Im not that good with regex :)
这篇关于通过iframe脚本加载器避免全局污染?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!