[英]Javascript HTTPS-Frame Access to Parent HTTP-Frame
How can an IFRAME with URL https://domain/
access the DOM of the parent frame which has URL http://domain/
(HTTPS calls HTTP)? 具有URL
https://domain/
的IFRAME如何访问具有URL http://domain/
的父框架的DOM(HTTPS称为HTTP)?
Both frames will cooperate. 两个框架将合作。 The domain is the same in both frames, just the protocol is different .
两个帧中的域都相同,只是协议不同 。 Setting
document.domain
is not allowed as that would allow for XSS attacks coming from other untrusted frames. 不允许设置
document.domain
因为那样将允许来自其他不受信任框架的XSS攻击。
As an alternative to accessing the DOM it would be enough to send a message (containing a single integer). 作为访问DOM的替代方法,发送一条消息(包含一个整数)就足够了。 Notice, that the
postMessage
API only works in IE8+. 请注意,
postMessage
API仅在IE8 +中有效。 I need IE6+ . 我需要IE6 + 。
Is easyXDM an option. 是easyXDM的一个选项。 It supports postMessage for browsers with support, and falls back to other mechanisms for older browsers.
它支持带有支持的浏览器的postMessage,并回退到旧版本浏览器的其他机制。 Some of the mechanisms are a bit hacky but they work.
其中一些机制有些棘手,但可以起作用。
But why do you want to have a secure iframe on an insecure page? 但是,为什么要在不安全的页面上放置安全的iframe?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.