The answer to Whyit is possible is perfectly simple. window.locationis part of the Web API, which is not exactly the same as the JavaScript core. It's part of the DOM interface, hence it's gouverned by W3C, not ECMA. That's why it allows you to manipulate the top-window's properties.

为什么有可能的答案非常简单。window.location是Web API 的一部分，它与 JavaScript 核心并不完全相同。它是DOM 接口的一部分，因此由 W3C 而非 ECMA 管理。这就是为什么它允许您操作顶部窗口的属性。

Strictly speaking, JS isn't capable of doing this, because it lacks IO capabilities, which makes the language extremely portable. That's why browser implementations require the DOM API, to query the DOM, and request repaints or interact with the client. The DOM, though, doesneed IO, because it renders, and reads from the actual UI. Some people in the ECMAScript committee would rather have seen the access to the window.topheavily restricted, if not removed all together, for XSS vulnerability reasons. Sadly W3C agreed to disagree, and implemented the window.topreference anyway.
Who's right or wrong in this case? I don't know, it's easy to redirect a client to a malicious site from within an iFrame, which is unsafe. But it would be frustrating to have an iFrame, and then not having access to the top window, which would mean not being able to interact with the client as easily. But that's not the point here. Bottom line is, you can change some top window properties, and it canbe useful. Just think about mashups. They pose a lot of challenges in terms of XSS safety, but open up a lot of new and exciting possibilities for webaps. To plug some of the most dangerous XSS vulnerabilities, take a look at ADSafe, which was created by Douglas Crockford. Google has a similar lib, but I forgot its name ATM...

严格来说，JS 没有能力做到这一点，因为它缺乏 IO 能力，这使得该语言非常具有可移植性。这就是浏览器实现需要 DOM API、查询 DOM、请求重绘或与客户端交互的原因。但是，DOM确实需要 IO，因为它渲染和读取实际 UI。window.top出于 XSS 漏洞的原因，ECMAScript 委员会的一些人宁愿看到对严格限制的访问，如果没有一起删除的话。遗憾的是，W3C 同意不同意，并且window.top无论如何都实施了参考。
在这种情况下谁对谁错？我不知道，很容易将客户端从 iFrame 中重定向到恶意站点，这是不安全的。但是如果拥有 iFrame，然后无法访问顶部窗口，这将令人沮丧，这意味着无法轻松地与客户端进行交互。但这不是重点。底线是，你可以改变一些顶级窗口的属性，它可以是有用的。想想混搭吧。它们在 XSS 安全方面提出了很多挑战，但为 webaps 开辟了许多新的和令人兴奋的可能性。要插入一些最危险的 XSS 漏洞，请查看由 Douglas Crockford 创建的ADSafe。谷歌有一个类似的库，但我忘记了它的名字 ATM ......

the Same origin policy doesn't apply here, either. By changing the url in the address bar in your browser window, you're changing the window.top.location.hrefproperty, too. If there were same-origin restrictions there, the internet would be dead. You're not sending a request to another location, you're not getting data from a third-party resource and loading it in your page, you're redirecting the browser to another location, which closes and clears the DOM.

同源政策也不适用于此处。通过更改浏览器窗口地址栏中的 url，您也在更改window.top.location.href属性。如果那里有同源限制，互联网就会死。您没有向另一个位置发送请求，您没有从第三方资源获取数据并将其加载到您的页面中，您将浏览器重定向到另一个位置，这会关闭并清除 DOM。

My guess is that it is the same reason you can do the following:

我的猜测是，这与您可以执行以下操作的原因相同：

<a href="http://google.com" target="_top">Redirect top to Google</a>

I found the rules for this behavior here: http://www.w3.org/TR/html5/browsers.html#valid-browsing-context-name-or-keyword

我在这里找到了这种行为的规则：http: //www.w3.org/TR/html5/browsers.html#valid-browsing-context-name-or-keyword

I couldn't find a "why", but personally I have found it useful to redirect the parent after someone has clicked on something within an iframe. You may want to first perform an async operation and validate something before redirecting the entire page. Since this is already possible using the <a>tag perhaps it was found appropriate in JS as well. Not sure why the <a>tag allows the functionality though.

我找不到“为什么”，但我个人发现在有人单击 iframe 中的某些内容后重定向父级很有用。您可能希望在重定向整个页面之前先执行异步操作并验证某些内容。由于使用<a>标签已经可以做到这一点，也许它也适用于 JS。不知道为什么<a>标签允许该功能。

That being said you can always prevent this behavior by adding sandbox=""attribute, example: http://jsfiddle.net/ppkzS/1/

话虽如此，您始终可以通过添加sandbox=""属性来防止这种行为，例如：http: //jsfiddle.net/ppkzS/1/

Whenever you use iframes, frames, or objects, you set up a hierarchy of windows, with these items acting as "window"s in this hierarchy.

无论何时使用iframes、frames、 或objects，都会设置一个窗口层次结构，这些项目在该层次结构中充当“窗口”。

You can traverse this hierarchy with properties such as .parent, .frameElementand the like. The property .topis the window at the highest point in the hierarchy and usually corresponds to the outermost frame.

你可以遍历这个层次具有如属性.parent，.frameElement等等。该属性.top是层次结构中最高点的窗口，通常对应于最外层的框架。

Someactions are prohibited between windows in the hierarchy, others are not. Changing the locationof a window is notprohibited.

层次结构中的窗口之间禁止某些操作，而其他操作则不禁止。不禁止更改location窗口。

Ultimately, people who say you cannot do this are incorrect. What you can'tdo is access the contents of one window from a different window if their domains differ. However, you canmodify their location properties.

归根结底，那些说你不能这样做的人是不正确的。如果域不同，您不能从另一个窗口访问一个窗口的内容。但是，您可以修改它们的位置属性。

If you have two frames on the same domain (and also same protocol and port too), then one frame can redirect the other to wherever you want, and also access javascript properties, execute function from the other frame, etc.

如果您在同一个域上有两个框架（并且也有相同的协议和端口），那么一个框架可以将另一个框架重定向到您想要的任何位置，并且还可以访问 javascript 属性，从另一个框架执行函数等。

Should you redirect one frame from the other to another domain (or protocol, or port), then you would lose the ability to do all that I previously stated due to the Same Origin Policy, but the redirect itself is allowed because, before the redirect, the two frames satisfied said policy.

如果您将一个帧从另一个域（或协议或端口）重定向到另一个域（或协议或端口），那么由于同源策略，您将无法执行我之前所说的所有操作，但重定向本身是允许的，因为在重定向之前，这两个框架满足了所说的政策。

Here is some useful information: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Same_origin_policy_for_JavaScript

以下是一些有用的信息：https: //developer.mozilla.org/en-US/docs/Web/JavaScript/Same_origin_policy_for_JavaScript

Quoting from that page:

从该页面引用：

Two pages have the same origin if the protocol, port (if one is specified), and host are the same for both pages.

如果两个页面的协议、端口（如果指定了一个）和主机相同，则两个页面具有相同的来源。

Obviously, framesis the same as pages.

显然，frames与 相同pages。