不安全的JavaScript尝试访问Google Chrome中的框架 [英] Unsafe JavaScript attempt to access frame in Google Chrome

问题描述

我们的网络应用程序（基于HTML5，SVG& JS）在Google Chrome浏览器以外的所有浏览器中运行良好。

很好，但是，所有附加到iFrame的javascript事件都不会被执行。我们在控制台发现错误：

pre $ 不安全的JavaScript尝试访问框架


目前，应用程序在本地托管，并且在内部测试期间出现此问题。

谷歌搜索引发了很多帖子，但没有任何具体的解决方案。任何建议？

解决方案

作为一项额外的安全措施，Chrome会将每个文件路径视为自己的原点，而不是将整个文件方案作为单一来源（这是其他浏览器所做的）。此行为仅适用于文件网址，您可以通过在启动时通过 - 允许文件访问文件开关强制Chrome恢复为单个本地来源（与其他浏览器类似） 。

你可以在这里找到更多关于本地原产地风险的信息： http://blog.chromium.org/2008/12/security-in-depth-local-web-pages.html

Our web application (based on HTML5, SVG & JS) runs fine in all the browsers except Google Chrome.

In Google Chrome, the normal javascript events run fine, however, all the javascript events attached to the iFrame are not executed. We get the error in the console:

Unsafe JavaScript attempt to access frame

At the moment, the application is locally hosted and this problem cropped up during inhouse testing.

Googling this brings up lots of posts but none suggests any concrete solution. Any suggestions?

解决方案

As an additional security measure, Chrome treats every "file" path as its own origin rather than treating the entire "file" scheme as a single origin (which is what other browsers do). This behavior applies only to "file" URLs and you can force Chrome to revert to a single local origin (like other browsers) by passing the --allow-file-access-from-files switch at startup.

You can find more information on the risks associated with local origins described here: http://blog.chromium.org/2008/12/security-in-depth-local-web-pages.html

这篇关于不安全的JavaScript尝试访问Google Chrome中的框架的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！