堆栈内存溢出
  简体   繁体   English

如何将HTML代码小部件转换为Javascript格式

[英]How to translate HTML code widget to Javascript format

 原文  2018-04-26 02:09:24       javascript/ html/ iframe

问题描述

I am new to coding but had a question I have this code: 我是编码新手,但有一个问题要输入以下代码: 

<script class="scriptId_300x160_331391" type="text/javascript">
var ci_cap_scriptId = "331391";
var ci_cap_bid = "1472100001";
var ci_cap_format = "300x160";
var ci_cap_channel = "";
</script>
<noscript><p>Coupons powered by <a href="https://www.coupons.com? 
pid=13903&nid=10&zid=xh20&bid=1472100001">Coupons.com</a></p> 
</noscript>
<script type="text/javascript" src="//bc.coupons.com"></script>

I am trying to figure out how to properly display it in HTML iFrame. 我试图弄清楚如何在HTML iFrame中正确显示它。 My website is hosted through Wix.com and they only display code in this format any suggestions on what to add/edit in order for it to display? 我的网站是通过Wix.com托管的,它们仅以这种格式显示代码,以显示或添加任何有关添加/编辑内容的建议。 I've tried to play with it JSFiddle ( http://jsfiddle.net/9rzrt5yL/1/ ) but it will show in HTML but not in Javascript (which is what I need for it to work) 我尝试过使用它的JSFiddle( http://jsfiddle.net/9rzrt5yL/1/ ),但是它将以HTML而不是Javascript形式显示(这是我需要它起作用的原因)

1 个解决方案

解决方案1
 3  2018-04-26 02:50:07

The answer is you can't due to XSS attack 答案是您不能由于XSS攻击

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. 跨站点脚本(XSS)攻击是一种注入,其中恶意脚本被注入到原本良性和可信的网站中。 XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. 当攻击者使用Web应用程序将恶意代码(通常以浏览器脚本的形式)发送给其他最终用户时,就会发生XSS攻击。 Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it. 使得这些攻击成功的缺陷非常普遍,并且在Web应用程序使用其生成的输出中未经验证或编码的情况下使用来自用户的输入的任何地方都存在。

An attacker can use XSS to send a malicious script to an unsuspecting user. 攻击者可以使用XSS将恶意脚本发送给毫无戒心的用户。 The end user's browser has no way to know that the script should not be trusted, and will execute the script. 最终用户的浏览器无法知道该脚本不受信任,并将执行该脚本。 Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. 由于恶意脚本认为脚本来自受信任的来源,因此可以访问该浏览器保留并与该站点一起使用的任何cookie,会话令牌或其他敏感信息。 These scripts can even rewrite the content of the HTML page. 这些脚本甚至可以重写HTML页面的内容。 For more details on the different types of XSS flaws, see: Types of Cross-Site Scripting. 有关不同类型的XSS缺陷的更多详细信息,请参阅:跨站点脚本的类型。

In you case, I think you should look on WIX documentation or ask for WIX support staff to help you out. 如果您遇到这种情况,我认为您应该查看WIX文档或要求WIX支持人员来帮助您。 I think they would have something for that somewhere. 我认为他们会在某处为此提供一些东西。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何将此PHP代码转换为Javascript? - How to translate this PHP code into Javascript? 如何将此代码块转换为 javascript? - how to translate this block of code to javascript? 如何将带有序列化的PHP代码转换为javascript代码? - how to translate PHP code with serialization into a javascript code? 谷歌翻译HTML小部件无法正常工作 - Google Translate html widget not working HTML - 如何使用 Javascript 翻译页面内容? - HTML - How to translate page content using Javascript? 如何在 html 页面中翻译 Javascript 消息 - How to translate a Javascript message in an html page 如何使用Javascript将我的Json转换为HTML? - How to translate my Json in HTML with Javascript? 如何将这个Python代码翻译成JavaScript? (涉及集) - How to translate this Python code to JavaScript? (involves Sets) 如何将此代码从 Jquery 转换为 Vanilla Javascript? - How to translate this code from Jquery to Vanilla Javascript? 如何使用 html 为计数计时器格式化 javascript 代码? - How to format javascript code with html for a count up timer?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM