检测JavaScript是否在Sandboxed iframe中执行？ [英] Detect if JavaScript is Executing In a Sandboxed Iframe?

问题描述

我有一个正在Flash中播放视频的产品（如果可用），如果Flash不可用，我会回到HTML5。

I have a product that's playing a video in Flash (if available), and falls back to HTML5 if Flash isn't available.

我不能找到一种方法来确定JavaScript是否在带有sandbox属性的iframe中执行，这是我的解决方案所必需的，因为沙盒iframe会禁用所有插件。沙箱化的iframe可以像这样简单：

I'm not able to find a way to determine if JavaScript is executing within an Iframe with the "sandbox" attribute, which is necessary for my solution because sandboxed iframes disable all plugins. The sandboxed iframe could be as simple as this:

<iframe src="http://www.cross-domain.com/" sandbox="allow-scripts">

要确定Flash是否启用，我使用swfobject的方法检查navigator.plugins [Shockwave Flash]。描述，即使在沙盒iframe中也会设置。我可以加载swf对象，但它不会播放。

To determine if Flash is enabled, I'm using swfobject's method of checking navigator.plugins["Shockwave Flash"].description, which is set even when in a sandboxed iframe. I can load the swf object, but it doesn't play.

要重现此问题，请访问 http://jsfiddle.net/max_winderbaum/9cqkjo45/ ，打开你的铬检查器并点击运行。

To reproduce this issue, visit http://jsfiddle.net/max_winderbaum/9cqkjo45/, open your chrome inspector and click "Run". The script on the cross-domain site will pause in the context of the sandboxed iframe.

根据http://dev.w3.org/html5/spec-preview/browsers.html#sandboxing-flag-set ，在JavaScript可以访问的文档上应该有一个活动沙箱标志集（至少这就是我正在阅读的规范）。似乎没有在iframe的文档上设置任何标记。

According to the W3 spec at http://dev.w3.org/html5/spec-preview/browsers.html#sandboxing-flag-set, there is supposed to be an "active sandboxing flag set" on the document that JavaScript can access (at least that's how I'm reading the spec). There doesn't seem to be any flag set on the iframe's document.

是否有任何想法/解决方案如何检测JavaScript是否在沙盒iframe中执行？

Does anyone have any ideas / solutions on how to detect if JavaScript is executing from within a sandboxed iframe?

推荐答案

一个项目 sandblaster 可以帮助您检测是否正在运行沙盒。

A project sandblaster can help you detect if you running being sandboxed.

沙盒检查自身是否先构成框架，然后扫描框架元素的属性检测关于它自己的一些信息。这些包括 framed ， crossOrigin ，沙箱， sandboxAllowances ， unsandboxable ， resandboxable ， sandboxable 。

Sandbox check if itself is framed first and then scans through the attributes of the frame element to detect several information about itself. These includes framed, crossOrigin, sandboxed, sandboxAllowances, unsandboxable, resandboxable, sandboxable.

为了检测自身是否在我们的情况下是沙箱，它会检查frame元素是否具有属性 sandbox < code $。



To detect if itself is sandboxed in our case, it checks if the frame element has an attribute sandbox.

// On below `frameEl` is the detected frame element
try {
  result.sandboxed = frameEl.hasAttribute("sandbox");
}
catch (sandboxErr) {
  result.sandboxed = null;
  if (typeof errback === "function") {
    errback(sandboxErr);
  }
}

我尝试复制您的问题并测试解决方案的工作，由于安全问题，我不得不将脚本粘贴到窗口本身。

I tried to replicate your issue and to test if this solution works, I had to paste the script into the window itself due to the security issue.

<html>
    <head>
    </head>
    <body>

    <script>
        //Paste the contents of the script(https://raw.githubusercontent.com/JamesMGreene/sandblaster/master/dist/sandblaster.js) here

        var result = sandblaster.detect();
        if(result.sandboxed === true) {
            //sandboxed
        }
        debugger;
    </script>
    </body>
</html>

这是一个演示： http://jsfiddle.net/Starx/tzmn4088/ 显示了这个工作。

Here is a demo: http://jsfiddle.net/Starx/tzmn4088/ that shows this working.

这篇关于检测JavaScript是否在Sandboxed iframe中执行？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！