[英]Access iframe elements via jquery/javascript
OK, what I need to do is rather straightforward : 好的,我需要做的是相当简单:
$('iframe').contents()
, via the Chrome javascript console, I'm getting a warning about same-origin, etc. 通过Chrome javascript控制台尝试类似$('iframe').contents()
,我收到有关同源的警告等。 Any ideas? 有任何想法吗? It should be really easy... 应该真的很容易......
PS I'm not interested in workarounds that don't include an iframe
- it has to be an iframe
... PS我不感兴趣,不包括解决方法iframe
-它必须是一个iframe
...
(1) (1)
It is because the website you are loading in your iframe is in a different domain than the one hosting the iframe itself. 这是因为您在iframe中加载的网站与托管iframe的网站位于不同的域中。
See this: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Same_origin_policy_for_JavaScript 请参阅: https : //developer.mozilla.org/en-US/docs/Web/JavaScript/Same_origin_policy_for_JavaScript
Thusly, the same origin policy will disallow Javascript to access/manipulate the page inside the iframe. 因此,相同的原始策略将禁止Javascript访问/操纵iframe内的页面。
(2) (2)
There is also a concept of sandboxing with HTML5, this attribute enables extra restrictions on the content that can appear in the inline frame. 还有一个使用HTML5进行沙盒的概念,此属性可以对内嵌框架中显示的内容进行额外限制。 The tokens are: allow-same-origin, allow-scripts etc. 令牌包括:allow-same-origin,allow-scripts等。
More Info: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe 更多信息: https : //developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe
Please check if your iframe is sandboxed? 请检查您的iframe是否为沙盒?
(3) (3)
Then, there is the X-Frame-Options
HTTP response header, which can be used to indicate whether or not a browser should be allowed to render a page in an iframe. 然后,有X-Frame-Options
HTTP响应头,可用于指示是否允许浏览器在iframe中呈现页面。 Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites. 站点可以通过确保其内容未嵌入到其他站点中来避免点击劫持攻击。 It looks like this: 它看起来像这样:
<meta http-equiv="X-FRAME-Options" content="SAMEORIGIN">
The tokens here can be: deny, sameorigin or allow-from. 这里的标记可以是:deny,sameorigin或allow-from。
More Info: https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options 更多信息: https : //developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options
And: http://tools.ietf.org/html/rfc7034 并且: http : //tools.ietf.org/html/rfc7034
Please check if your page has got such header? 请检查您的页面是否有这样的标题?
(Lastly): (最后):
If all of the above don't apply to your scenario, then things should just work. 如果以上所有内容都不适用于您的场景,那么事情就应该有效。 Please post more information like the markup and your javascript. 请发布更多信息,如标记和您的JavaScript。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.