跨站点脚本iframe权限被拒绝的问题
[英]Cross Site Scripting Iframe Permission Denied issue
问题描述
I am getting Cross Site Scripting error on the following code. 
我在以下代码上遇到跨站点脚本错误。
Javascript Java脚本
function resizeIframe(ifRef)
{
var ifDoc;
//alert(ifRef);
try
{
ifDoc = ifRef.contentWindow.document.documentElement;
}
catch( e )
{
alert(e);
try
{
ifDoc = ifRef.contentDocument.documentElement;
}
catch( ee ){
alert(ee);
}
}
//var doc = ifRef.height;
//alert(doc);
if(ifDoc)
{
ifRef.height = 1;
ifRef.style.height = ifDoc.scrollHeight+'px';
}
}
Iframe iframe
<iframe onload="resizeIframe(this)" style="margin-bottom: 16px;" src="ourteamnav/first.php" frameborder="0" scrolling="no" width="597" height="240"></iframe>
The Errors are following 错误如下
For 'e' : 前面' :
Mozilla Firefox : Error: Permission denied to access property 'document' Mozilla Firefox: 错误:拒绝访问属性“文档”的权限
Google Chrome : TypeError: Cannot read property 'documentElement' of undefined 谷歌浏览器: TypeError:无法读取未定义的属性'documentElement'
Internet Explorer : TypeError: Permission denied Internet Explorer: TypeError:权限被拒绝
And for 'ee' : 对于“ ee”:
Mozilla Firefox : Error: Permission denied to access property 'documentElement' Mozilla Firefox: 错误:拒绝访问属性'documentElement'的权限
Google Chrome : TypeError: Cannot read property 'documentElement' of null Google Chrome: TypeError:无法读取null的属性“ documentElement”
Internet Explorer : Error: Access is denied. Internet Explorer: 错误:访问被拒绝。
I think it can not be solved in general way as it s happening because of domain is pointing another domain. 我认为由于域指向另一个域,因此无法以一般方式解决它。 So will anyone guide me to solve it without using these property of Javascript contentDocument.documentElement or contentWindow.document.documentElement for re-sizing the Iframe Content dynamically according to its inner Content. 因此,有人会指导我解决该问题,而无需使用Javascript contentDocument.documentElement或contentWindow.document.documentElement这些属性来根据其内部Content动态调整Iframe Content的大小。
Thanks 谢谢
2 个解决方案
解决方案1
3 2013-02-23 20:09:04
In addition to the answer of Christophe , I wanted to point out (sadly) postMessage doesn't work on all browsers. 除了Christophe的答案外,我想指出(不幸的是) postMessage不适用于所有浏览器。
Luckily, Josh Fraser already provided a backwards compatible version of window.postMessage() . 幸运的是, Josh Fraser已经提供了window.postMessage()的向后兼容版本 。 It checks if the browser supports the postMessage -method. 它检查浏览器是否支持postMessage方法。 If it does, it uses that. 如果是这样,它将使用它。 If not, it uses the URL (both from the iframe and the parent) to pass along data. 如果不是,则使用URL (来自iframe和父级)传递数据。
Now you can use the following methods to let both windows "talk" to eachother: 现在,您可以使用以下方法让两个窗口彼此“交谈”:
XD.postMessage(msg, src, frames[0]);
XD.receiveMessage(function(message){
window.alert(message.data + " received on "+window.location.host);
}, 'URL');
Just make sure you read the documentation properly, since the configuration has to be set just right. 只需确保您正确阅读了文档,因为必须正确设置配置。
解决方案2
2 2013-02-23 19:28:07
As you say, this is a cross-domain issue. 如您所说,这是一个跨域问题。
If you have control on both pages you can use postMessage to exchange information between the two pages. 如果您可以同时控制两个页面,则可以使用postMessage在两个页面之间交换信息。
Some references: 一些参考:
- Ben Alman's example of resizing iframes Ben Alman调整iframe大小的示例
- John Resig's article on postMessaging John Resig在postMessaging上的文章
- this excellent presentation on iframes (what you're interested in starts at slide 16 ). 关于iframe的精彩演讲 (您感兴趣的内容从幻灯片16开始)。
- a list of libraries/plugins that include this technique 包含此技术的库/插件的列表
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.