如何在我的页面中加载外部 web 页面并隐藏一些内容(避免跨站点问题)
[英]How to Load an external web page inside my one and hide some content (avoiding cross site problems)
问题描述
I need to incorporate in my web application some content from an external dynamic web page on which I have no control.
我需要在我的 web 应用程序中合并一些来自我无法控制的外部动态 web 页面的内容。
Then I need to filter some of the content of this page or to hide it for presenting only the relevant part that is interesting for my use.然后,我需要过滤此页面的某些内容或将其隐藏以仅显示我感兴趣的相关部分。
I need also that the scripts on the external page are still working on the source site of the loaded content without cross-site protection.我还需要外部页面上的脚本仍在加载内容的源站点上运行,而没有跨站点保护。
Is all that possible?这一切都可能吗? How can I do it?我该怎么做? Any code example, please?请问有代码示例吗?
I suppose that this can be made with JS on client side.我想这可以用客户端的 JS 来完成。 I work on back side and these themes are quite extraneous to me, please don't blame me.我在背面工作,这些主题对我来说很无关紧要,请不要怪我。
1 个解决方案
解决方案1
0 已采纳 2019-10-16 19:36:38
No, it is not possible.不,这是不可能的。
Browser same-origin policy is designed to prevent malicious websites from doing evil .浏览器同源策略旨在防止恶意网站作恶。
Same-origin Policy restricts JavaScript network access to prevent evil .同源策略限制 JavaScript 网络访问以防作恶。
Same-origin Policy also restricts script API Access to prevent evil .同源策略还限制脚本 API 访问以防止邪恶。
From the Docs:从文档:
JavaScript APIs like iframe.contentWindow , window.parent , window.open , and window.opener allow documents to directly reference each other.
To communicate between documents from different origins, use window.postMessage .
— MDN Web Security Reference - Cross-origin script API access
One can not use <iframe> elements as a way to "avoid cross site problems".不能使用<iframe>元素作为“避免跨站点问题”的一种方式。 The Same Origin Policy was created to protect users from evil web pages.创建同源策略是为了保护用户免受恶意 web 页面的侵害。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.