
JavaScript cross-domain request: iframe vs JSONP

I am writing an app that my client uses given JavaScript, which will collect some HTML data and post to my server. No data will be returned from my server.

Iframe and JSONP are two options. I wonder what the pros and cons of each are, given my situation. Is there any security hole involved in one of them?

Another question is how can I identify the user? Say one person copied the JavaScript and put it on his website.

JSONP allows you to get a response, while iframe (for the most part) doesn't. The security issue with JSONP is that they must trust you not to return malicious JavaScript, since the "json" returned is really just arbitrary JavaScript that is essentially eval'd within the page on their domain. If you were evil, you could steal their customers' cookies or other info and post them back to your server.
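
The trust issue described in the answer above, as an added example that is not part of the original post: a small model of an embedding page executing a JSONP response versus parsing the same bytes as data. The page object, the `handleData` callback name and the response bodies are all constructed for illustration.

```javascript
// Added example: what an embedding page does with a JSONP response
// versus a data-only JSON response. Names and sample bodies are constructed.

// Stand-in for the embedding page's state (constructed values).
function makePage() {
  return {
    document: { cookie: 'session=constructed-example-value' },
    received: [],   // what the page's callback was handed
    observed: [],   // anything else the response code touched
  };
}

// JSONP: the response body is executed as script in the page, so every
// statement in it runs with access to the page's objects.
function loadJsonp(body, page) {
  const handleData = (data) => page.received.push(data);
  const run = new Function('handleData', 'document', 'observed', body);
  run(handleData, page.document, page.observed);
  return page;
}

// Data-only: the body is parsed, never executed. Anything that is not
// strict JSON is rejected instead of run.
function loadAsData(body, page) {
  try {
    page.received.push(JSON.parse(body));
    return { ok: true, page };
  } catch (err) {
    return { ok: false, page, error: err.name };
  }
}

// Constructed response bodies.
const expectedJsonp = 'handleData({"status":"ok"});';
const extraJsonp = 'handleData({"status":"ok"}); observed.push(document.cookie);';
const plainJson = '{"status":"ok"}';

const a = loadJsonp(expectedJsonp, makePage());
const b = loadJsonp(extraJsonp, makePage());
const c = loadAsData(plainJson, makePage());
const d = loadAsData(extraJsonp, makePage());

console.log('JSONP, expected body  :', a.received, a.observed);
console.log('JSONP, extra statement:', b.received, b.observed);
console.log('JSON parsed as data   :', c.ok, c.page.received);
console.log('Script sent as data   :', d.ok, d.error, d.page.observed);
```

The page's callback receives the same object in both JSONP runs, so the embedding site cannot tell from its callback alone that the second response also read page state; the data-only path rejects that body outright.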
