Javascript和相同的起源iframe [英] Javascript and same origin iframes

问题描述

是否可以使用页面上但在此框架之外的脚本来读取/编辑iframe内容（不仅仅是src等属性）？我知道如果来源是来自其他网站，那是不可能的，因为它会是一个很大的漏洞，但我只是问它是否适用于同一来源的其他内容。

Is it possible to read/edit iframe contents(not only properties like src) with scripts that are on page but outside of this frame? I know that is impossible if source is from other site as it would be a big serurity hole, but I only ask whether it works for other content from the same origin.

推荐答案

添加到已经说过的与从同一域加载的iframe进行交互的内容：

To add to what has already been said about interacting with iframes loaded from the same domain:

浏览器将允许您进行交互使用iframe（或框架），只要尝试进行交互的页面和您加载的页面具有相同的document.domain。

The browser will allow you to interact with iframes (or frames) as long as the page that is trying to do the interaction and the page that you have loaded have the same document.domain.

您可以设置document.domain到您加载的主机的后缀。例如如果您有一个从blog.fred.com加载的页面，并且它想要与一些名为jsonservice.fred.com的服务进行交互，则两个页面都必须执行

You can set the document.domain to a suffix of the host that you were loaded from. e.g. if you have a page loaded from blog.fred.com and it wants to interact with some service called jsonservice.fred.com, both pages will have to do

document.domain = 'fred.com';

之前，来自其中一个的javascript将能够与另一个进行交互。

before javascript from one will be able to interact with the other.

浏览器非常聪明，不允许您将document.domain设置为'.com'，以防您想知道......

Browsers are clever enough not to allow you to set your document.domain to '.com', in case you were wondering...

这篇关于Javascript和相同的起源iframe的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！