<a href=“javascript:history.go(-1)”>回去</a>安全吗?
[英]Is <a href=“javascript:history.go(-1)”>Go back</a> safe?
问题描述
I have a link like the one in the title in a custom 404 error page , which allows the user to go to the previous page just like with the browser's go back button. 
我在自定义404错误页面中的标题中有一个链接,该链接使用户可以像浏览器的“返回”按钮一样转到上一页。 I just wanna ask if this method of linking is safe or not. 我只是想问这种链接方法是否安全。 I guess it is safe, but I am not sure. 我猜它是安全的,但我不确定。 Thanks in regards! 谢谢问候!
1 个解决方案
解决方案1
1 已采纳 2014-01-06 16:03:21
One use case I can say that will not be "safe" is if the user has JavaScript disabled. 我可以说一个用例不是“安全”的,如果用户禁用了JavaScript。 In that case, you would have to create the link dynamically with server-side code using the HTTP referer header field's value as your href value on the anchor element. 在这种情况下,您将必须使用HTTP referer标头字段的值作为锚元素上的href值,使用服务器端代码动态创建链接。
Another thing to consider is the never-ending back and forth loop users would get stuck in, if they came from a page with an HTTP redirect. 要考虑的另一件事是,如果用户来自具有HTTP重定向的页面,则它们将陷入无休止的来回循环。
Edit : 编辑 :
As you said above, you can use $_SERVER['HTTP_REFERER'] but the documentation says 如上所述,您可以使用$_SERVER['HTTP_REFERER']但文档中说
.. This is set by the user agent.
In reality, most browsers do set it correctly though, and seeing how this is not mission critical I think it's safe if you use it. 实际上,大多数浏览器确实正确设置了它,并且看到这不是关键任务,我认为如果使用它是安全的。 You could also account for browsers that don't set it as follows: 您也可以考虑未按以下方式设置的浏览器:
if(isset($_SERVER['HTTP_REFERRER']))
{
// Show a Back button link, if the referrer is available
echo "<a href=\"".$_SERVER['HTTP_REFERRER']."\">« Back</a>";
}
else
{
// If not, show a link to your homepage instead
echo "<a href=\"". "//www.yoursite.com" ."\">Home</a>";
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.