xml XSL 在 Google Chrome 中不起作用
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/4558160/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
XSL not working in Google Chrome
提问by Nate
I've seen plenty of posts all around about this... but I can not, for the life of me, figure out what my problem is! Google Chrome just displays a blank page when I try to transform XML with XSL. When I view source, I see the raw XML. IE works.
我已经看到很多关于这个的帖子......但我一生都无法弄清楚我的问题是什么!当我尝试使用 XSL 转换 XML 时,Google Chrome 仅显示一个空白页面。当我查看源代码时,我看到的是原始 XML。IE工作。
I have an XML document that looks like this...
我有一个看起来像这样的 XML 文档......
<?xml version="1.0" encoding="ISO-8859-1"?>
<?xml-stylesheet type="text/xsl" href="http://localhost/xsl/listXSL.php"?>
<links>
<link id="1" name="Google Home Page" url="http://www.google.com/" clicks="0" />
<link id="2" name="Facebook" url="http://www.facebook.com/" clicks="1" />
<link id="3" name="Gmail" url="http://gmail.com" clicks="2" />
</links>
... and then the linked XSL file which looks like this...
...然后链接的 XSL 文件看起来像这样...
<?xml version="1.0" encoding="ISO-8859-1"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:template match="/">
<xsl:for-each select="links/link">
<a>
<xsl:attribute name="href">
<xsl:value-of select="@url" />
</xsl:attribute>
<xsl:value-of select="@name" />
</a><br />
</xsl:for-each>
</xsl:template>
</xsl:stylesheet>
You might notice that the XSL file is actually a PHP file, but this works fine in other browsers and I've tried changing it to .xsl for Chrome, but it doesn't help. What I'm doing wrong here?
您可能会注意到 XSL 文件实际上是一个 PHP 文件,但这在其他浏览器中运行良好,我尝试将其更改为 .xsl 以用于 Chrome,但没有帮助。我在这里做错了什么?
采纳答案by Pacerier
The reason this doesn't work is due to a security concern that Chrome has addressed in a controversial way[1][2][3][4], by blocking XML files from accessing local XSLT files in the same directory, while HTML files can access .CSS files in the same directory just fine.
这不起作用的原因是由于 Chrome 以一种有争议的方式解决了安全问题[1] [2] [3] [4],通过阻止 XML 文件访问同一目录中的本地 XSLT 文件,而 HTML files 可以访问同一目录中的 .CSS 文件就好了。
The justification given by the Chrome team in 2008 was this:
2008年被Chrome团队给出的理由是这样:
Imagine this scenario:
想象一下这个场景:
You receive an email message from an attacker containing a web page as an attachment, which you download.
You open the now-local web page in your browser.
The local web page creates an whose source is https://mail.google.com/mail/.
Because you are logged in to Gmail, the frame loads the messages in your inbox.
The local web page reads the contents of the frame by using JavaScript to access frames[0].document.documentElement.innerHTML. (An Internet web page would not be able to perform this step because it would come from a non-Gmail origin; the same-origin policy would cause the read to fail.)
The local web page places the contents of your inbox into a and submits the data via a form POST to the attacker's web server. Now the attacker has your inbox, which may be useful for spamming or identify theft.
您收到来自攻击者的电子邮件,其中包含您下载的网页作为附件。
您在浏览器中打开现在本地的网页。
本地网页创建一个其来源是https://mail.google.com/mail/。
由于您已登录 Gmail,因此框架会加载收件箱中的邮件。
本地网页通过JavaScript访问frames[0].document.documentElement.innerHTML来读取frame的内容。(Internet 网页将无法执行此步骤,因为它来自非 Gmail 源;同源策略会导致读取失败。)
本地网页将收件箱的内容放入 a 并通过表单 POST 将数据提交到攻击者的 Web 服务器。现在攻击者拥有您的收件箱,这可能对发送垃圾邮件或识别盗窃有用。
There is nothing Gmail can do to defend itself from this attack.
Gmail 无法保护自己免受这种攻击。
I do agree it's annoying, as a fix you've got 2 solutions:
我同意这很烦人,作为解决方案,您有两种解决方案:
Try running chrome with the
--allow-file-access-from-filesswitch (I've not tested this myself)Upload it to a host, and everything will be fine.
尝试使用
--allow-file-access-from-filesswitch运行 chrome (我自己没有测试过)将其上传到主机,一切都会好起来的。
回答by jaymjarri
Uploading to host soves problem for me. --allow-file-access-from-files switch solution did not work for me.
上传到主机解决了我的问题。--allow-file-access-from-files 开关解决方案对我不起作用。
回答by jaymjarri
In older version of Chrome, if you don't output a proper document with a known vocabulary (HTML, XHTML, SVG, etc.) you will not get a rendered page.
在旧版本的 Chrome 中,如果您不使用已知词汇(HTML、XHTML、SVG 等)输出正确的文档,您将无法获得渲染页面。
In modern version (I have 10.0.612.3 devinstalled), you get an styleless XML document (with a parsing error in your case because of the more than one root element result).
在现代版本(我已经10.0.612.3 dev安装)中,您会得到一个无样式的 XML 文档(在您的情况下,由于多个根元素结果而出现解析错误)。
Solution: Output a proper (with all the mandatory elements) HTML 4.0 document, or a proper (also with correct namespace) XHTML 1.0 document.
解决方案:输出一个适当的(带有所有必需元素)HTML 4.0 文档,或者一个适当的(也带有正确的命名空间)XHTML 1.0 文档。
回答by Farzad
Using --allow-file-access-from-files switch does the trick for me.
使用 --allow-file-access-from-files 开关对我有用。
I was trying to use offline documentation from installed software on my system. IE showed content by only asking permission to enable contents. I would say this can be added to chrome as well without sacrificing security.
我试图使用系统上已安装软件的离线文档。IE 仅通过请求启用内容的权限来显示内容。我想说这也可以添加到 chrome 中,而不会牺牲安全性。
回答by Jose Kj
I was able to load xml contents into html in chrome by storing the xml as variable in javascript as shown below.
通过将 xml 存储为 javascript 中的变量,我能够将 xml 内容加载到 chrome 中的 html 中,如下所示。
<html>
<head>testing</head>
<body>
<span id="num"></span> <span id="street"></span><br /> <span id="city"></span>, <span id="state"></span> <span id="zip"></span>
<script>
txt="<address>"+
"<street>Roble Ave</street>"+
"<mtfcc>S1400</mtfcc>"+
"<streetNumber>649</streetNumber>"+
"<lat>37.45127</lat>"+
"<lng>-122.18032</lng>"+
"<distance>0.04</distance>"+
"<postalcode>94025</postalcode>"+
"<placename>Menlo Park</placename>"+
"<adminCode2>081</adminCode2>"+
"<adminName2>San Mateo</adminName2>"+
"<adminCode1>CA</adminCode1>"+
"<adminName1>California</adminName1>"+
"<countryCode>US</countryCode>"+
"</address>";
if (window.DOMParser)
{
parser=new DOMParser();
xmlDoc=parser.parseFromString(txt,"text/xml");
}
else // Internet Explorer
{
xmlDoc=new ActiveXObject("Microsoft.XMLDOM");
xmlDoc.async=false;
xmlDoc.loadXML(txt);
}
document.getElementById("num").innerHTML=
xmlDoc.getElementsByTagName("streetNumber")[0].childNodes[0].nodeValue;
document.getElementById("street").innerHTML=
xmlDoc.getElementsByTagName("street")[0].childNodes[0].nodeValue;
document.getElementById("city").innerHTML=
xmlDoc.getElementsByTagName("adminName2")[0].childNodes[0].nodeValue;
document.getElementById("state").innerHTML=
xmlDoc.getElementsByTagName("adminCode1")[0].childNodes[0].nodeValue;
document.getElementById("zip").innerHTML=
xmlDoc.getElementsByTagName("postalcode")[0].childNodes[0].nodeValue;
</script>
</body>
</html>
回答by onex4
And here you go! It's actually very easy to use. Were you trying to use it on <body></body> tags? That doesn't work. It has to be a child of the body tag.
给你!它实际上非常易于使用。您是否尝试在 <body></body> 标签上使用它?那行不通。它必须是 body 标签的子代。
var xsltProcessor = new XSLTProcessor();
var myXMLHTTPRequest = new XMLHttpRequest();
myXMLHTTPRequest.open("GET", "chatxml.xsl", false);
myXMLHTTPRequest.send(null);
xslStylesheet = myXMLHTTPRequest.responseXML;
xsltProcessor.importStylesheet(xslStylesheet);
// load the xml file, example1.xml
myXMLHTTPRequest = new XMLHttpRequest();
myXMLHTTPRequest.open("GET", "44f683a84163b3523afe57c2e008bc8c.xml", false);
myXMLHTTPRequest.send(null);
xmlDoc = myXMLHTTPRequest.responseXML;
var fragment = xsltProcessor.transformToFragment(xmlDoc, document);
document.innerHTML = fragment;
console.log();
document.getElementById("c").appendChild(fragment);
