
Executing JavaScript on an iframe's contents from a different domain

Is this denied by the browser? Is it possible?

If so, are there browser bugs that allow it to happen? I noticed this:

http://html5sec.org

How can you close these bugs and prevent them from working on your website? Can I detect if someone is trying to execute JavaScript from another domain?

Thanks.

JavaScript is executed by the browser, not the server. If a user wanted to, they can execute JavaScript on a website without an iframe (type `javascript:alert('hello');` in the address bar).

You cannot stop this, because it is being executed on the client, not on your site itself. Design your site in a way that no matter what they do with JavaScript, it cannot affect the integrity of your site. Use server-side authentication and sessions, sanitize your database input, and do not do any security-based operations on the client side.
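
An added example (not part of the original answer) of the server-side design the answer recommends: the handler treats every request field as forgeable by script running in the browser and decides only from state held on the server. The function name `handleTransfer`, the session tokens and the account data are hypothetical and constructed for illustration.

```javascript
// Server-held state (constructed sample data). In a real deployment the token
// is a long random value issued at login and stored only on the server side.
const sessions = new Map([
  ['constructed-token-alice', 'alice'],
  ['constructed-token-mallory', 'mallory'],
]);
const accounts = new Map([['alice', 100], ['bob', 20], ['mallory', 5]]);

// `req` models a parsed request: a session cookie value plus a JSON body.
// Any script, console command or hand-built request can set these fields,
// so none of them is trusted without a server-side check.
function handleTransfer(req) {
  // 1. Authentication: identity comes from the session lookup,
  //    never from a client-sent field such as body.from.
  const userId = sessions.get(req.sessionToken);
  if (!userId) return { status: 401, error: 'not authenticated' };

  // 2. Input validation: reject anything that is not the expected shape.
  const body = req.body || {};
  if (typeof body.to !== 'string' || !accounts.has(body.to) || body.to === userId) {
    return { status: 400, error: 'invalid recipient' };
  }
  if (!Number.isInteger(body.amount) || body.amount <= 0) {
    return { status: 400, error: 'invalid amount' };
  }

  // 3. Authorization: the rule is enforced here, whatever the page's
  //    own JavaScript did or did not check before sending.
  if (accounts.get(userId) < body.amount) {
    return { status: 403, error: 'insufficient funds' };
  }
  accounts.set(userId, accounts.get(userId) - body.amount);
  accounts.set(body.to, accounts.get(body.to) + body.amount);
  return { status: 200, from: userId, balance: accounts.get(userId) };
}
```

A request that claims `from: 'alice'` while carrying Mallory's session is debited against Mallory's own balance check, so the forged field has no effect.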
