
Load page within the page

I'm a beginner in PHP and JavaScript.

I found a link from http://cmichaelis.whsites.net/whblog/jquery-extjs-1/example2

Inside it there is code saying:

function addPanel(location)
{
 tabpanel.add({
       autoLoad: {url: location},
       title: 'More Information...',
       closable:true,
       autoScroll:true
 }).show();
}

How to use:

<a href="javascript:void(0);"
   onclick="addPanel('loadpage.php?a=http://www.google.com')">
   head over to Google
</a>

What I want to ask is.. what is the code for loadpage.php?

The PHP page does not echo out the contents of google.com as suggested in the other answer. It outputs an iframe that points to Google:

<iframe src="http://www.google.com" width="100%" height="100%" frameborder="no"></iframe>

It looks like loadpage.php could be in use to echo out the contents of www.google.com, using file_get_contents.

loadpage.php:

<?php
    // Simplified output - should sanitise $_REQUEST params etc first..
    echo file_get_contents($_REQUEST['a']);
?>

loadpage is effectively acting as a proxy, allowing your JavaScript to call pages which are not on your own domain.

As @annakata points out in the comments, the code above is obscenely dangerous as-is. The code is an illustration of the basic idea behind a proxy file - in production, this file would need to make sure that the $_REQUEST parameters were sanitised, e.g. only accept values from a whitelist.

The same origin policy is a security element of JavaScript that stops you from pulling content from outside your domain on to your page using JavaScript.

Some sites get around this by calling a proxy page on their own server (loadpage in this instance) which effectively just prints out the content of a target URL. As this proxy page is on your server, this by-passes the same origin security issue, and still makes available the content of a page from another domain - here www.google.com.


Oops, I somewhat foolishly didn't RTFA, but just the code in the question and hypothesised at what it could be doing. @andynormancx is right in his answer as to what the page linked in the q is actually doing.
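
One way to apply the whitelist the answer above calls for, as an added example (not code from the original answers or the linked blog). It assumes the proxy only ever needs to reach www.google.com; `ALLOWED_HOSTS` and `validate_target()` are hypothetical names.

```php
<?php
// Added example: loadpage.php restricted to an allowlist of hosts.
// ALLOWED_HOSTS and validate_target() are hypothetical names; the single
// listed host is an assumption based on the link in the question.
const ALLOWED_HOSTS = ['www.google.com'];

function validate_target(string $raw): ?string
{
    $parts = parse_url($raw);
    if (!is_array($parts) || !isset($parts['scheme'], $parts['host'])) {
        return null; // relative paths and local file names end up here
    }
    $scheme = strtolower($parts['scheme']);
    $host   = strtolower($parts['host']);
    // http(s) only: file://, php://, ftp:// and data: are refused.
    if (!in_array($scheme, ['http', 'https'], true)) {
        return null;
    }
    // No embedded credentials or custom ports in the URL.
    if (isset($parts['user']) || isset($parts['pass']) || isset($parts['port'])) {
        return null;
    }
    // Exact host match; substring or suffix checks are easy to get wrong.
    if (!in_array($host, ALLOWED_HOSTS, true)) {
        return null;
    }
    // Rebuild the URL from validated parts instead of reusing the raw input.
    $url = $scheme . '://' . $host . ($parts['path'] ?? '/');
    return isset($parts['query']) ? $url . '?' . $parts['query'] : $url;
}

$raw    = $_GET['a'] ?? '';
$target = is_string($raw) ? validate_target($raw) : null;
if ($target === null) {
    http_response_code(400);
    exit('Target not allowed');
}
// Do not follow redirects, which could lead to a host outside the list.
$context = stream_context_create(['http' => ['follow_location' => 0, 'timeout' => 5]]);
$body = @file_get_contents($target, false, $context);
if ($body === false) {
    http_response_code(502);
    exit('Upstream fetch failed');
}
echo $body;
```

The fetched markup is still rendered inside a page on your own origin, so list only hosts whose content you are prepared to serve as your own.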
