是否可以在Mobile Safari中允许跨站点脚本(XSS)?
[英]Is it possible to allow Cross Site Scripting (XSS) in Mobile safari?
问题描述
I am building a hybrid app (HTML,CSS, JS + Native iOS code), and Would like to make calls to a web service, but this is being blocked currently by the XSS Security. 
我正在构建一个混合应用程序(HTML,CSS,JS +本机iOS代码),并且想调用Web服务,但是目前XSS Security阻止了此操作。
What do I need to do to turn off this security feature (or more likely provide a whitelist that is allowed to connect?) 我需要怎么做才能关闭此安全功能(或更可能提供允许连接的白名单?)
Thanks for the help! 谢谢您的帮助!
2 个解决方案
解决方案1
6 已采纳 2014-03-13 16:57:53
Yes. 是。
You can use Cross Origin Resource Sharing , iff you're allowed to configure the server to support it , and it works on enough browsers for your needs. 您可以使用跨源资源共享 ,前提是您可以配置服务器以支持该服务器 ,并且该服务器 可以在满足您需求的足够多的浏览器上运行。
解决方案2
0 2012-03-15 13:37:50
No. 没有。
XSS cannot be disabled in any browser - otherwise hackers could easily steal all your money from your bank account. 不能在任何浏览器中禁用XSS-否则,黑客很容易从您的银行帐户中窃取您的所有资金。 So this isn't a path that you can, should or want to take. 因此,这不是您可以,应该或想要走的路。
Ask another question where you describe more clearly what you need to achieve and we can probably help. 提出另一个问题,在这里您可以更清楚地描述您需要实现的目标,我们可能会提供帮助。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.