javascript location.protocol 是否无效?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/13214460/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Is location.protocol ever invalid?
提问by Jamey Sharp
I want to construct URLs with the same scheme (presumably, "http:" or "https:") as the page that loaded the currently-running JavaScript. Modern browsers support simply omitting the scheme (for example, src="//example.com/test.js"), but this isn't fully cross-browser compatible. (I've read that IE 6 is the only browser that doesn't support it, but I still need compatibility with that version.)
我想使用与加载当前运行的 JavaScript 的页面相同的方案(大概是“http:”或“https:”)构造 URL。现代浏览器支持简单地省略该方案(例如,src="//example.com/test.js"),但这并不完全跨浏览器兼容。(我已经读到 IE 6 是唯一不支持它的浏览器,但我仍然需要与该版本兼容。)
The cross-browser way to do this seems to be to check location.protocol. For example, Google Analytics uses:
执行此操作的跨浏览器方式似乎是检查location.protocol. 例如,谷歌分析使用:
('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + ...
In Google's case, they wanted to use different domains depending on whether the request uses SSL, so that pattern makes sense. But I've seen others use the same pattern even when only the protocol is different:
在 Google 的案例中,他们希望根据请求是否使用 SSL 来使用不同的域,因此这种模式是有意义的。但我已经看到其他人使用相同的模式,即使只有协议不同:
('https:' == location.protocol ? 'https:' : 'http:') + "//example.com"
(One example is in the "Final Wufoo Snippet" at http://css-tricks.com/thinking-async/.)
(一个例子在http://css-tricks.com/thinking-async/的“最终 Wufoo 片段”中。)
I'd prefer to use this simpler expression instead:
我更愿意使用这个更简单的表达式:
location.protocol + "//example.com"
Should I really be concerned about the possibility of location.protocoltaking on some value other than "https:" or "http:" when my code is used on sites I don't control?
location.protocol当我的代码在我无法控制的网站上使用时,我真的应该担心采用“https:”或“http:”以外的其他值的可能性吗?
采纳答案by duskwuff -inactive-
It will always be set to something, but it may sometimes be set to a value that is neither "http" or "https". The three other values you're most likely to see are file:(for HTML files), about:(for iframe magic involving about:blank), and perhaps ftp:.
它将始终设置为某个值,但有时可能设置为既不是“http”也不是“https”的值。您最有可能看到的其他三个值是file:(对于 HTML 文件)、about:(对于涉及 的 iframe 魔术about:blank),以及ftp:.
回答by heikkim
Note:This is not strictly about document.location.protocol's return being valid or not but describes a very hard to spot bug (you can override the behaviour of document.location.protocol without writing any javascript).
注意:这并不是严格地关于 document.location.protocol 的返回是否有效,而是描述了一个非常难以发现的错误(您可以在不编写任何 javascript 的情况下覆盖 document.location.protocol 的行为)。
I've bumped in to one seemingly strange case where document.location.protocoldid not seem to work as it should. The site had a tracking-Javascript which used the following snippet to resolve the current protocol:
我遇到了一个看似奇怪的案例,其中document.location.protocol似乎无法正常工作。该站点有一个跟踪 Javascript,它使用以下代码段来解析当前协议:
var proto = ('https:' === document.location.protocol ? 'https://' : 'http://')
The site was on HTTPS but on some pages the protocol would turn out to be httpinstead of the expected https.
该站点使用 HTTPS,但在某些页面上,协议会变成http而不是预期的https。
After a lot of time spent in Googling and investigating the application stack configuration, one developer spotted that the pages the protocol resolving problem occurs, have a HTML-form with the following attribute:
在谷歌搜索和调查应用程序堆栈配置上花费了大量时间后,一位开发人员发现解决协议问题的页面有一个具有以下属性的 HTML 表单:
name="location"
This caused the protocol resolution to misbehave and incorrectly deduce the protocol to http instead of https (no, the form did not have a field called protocol nor it should have).
这导致协议解析行为不当,并错误地将协议推断为 http 而不是 https(不,表单没有名为协议的字段,也不应该有)。
回答by T.J. Crowder
Should I really be concerned about the possibility of document.location.protocol taking on some value other than "https:" or "http:" when my code is used on sites I don't control?
当我的代码在我无法控制的网站上使用时,我真的应该担心 document.location.protocol 具有除“https:”或“http:”以外的其他值的可能性吗?
Not particularly, but then again, there's no particular harm in your approach (pre-pending whatever the protocol is) instead. Google Analytics probably does the actual detection as much because they use a different host as anything else.
不是特别的,但话又说回来,你的方法没有特别的伤害(无论协议是什么)。Google Analytics 可能会进行实际检测,因为它们使用的主机与其他任何东西都不同。
