Document.domain 和
这是一个非常紧迫的问题,我将永远感激任何能够提供一些见解的人。
我将把一个小部件(称为“ISM”)部署到第三方站点。该网站使用 document.domain JavaScript 属性来放宽跨域限制(例如,将“a.example.com”和“b.example.com”中的 document.domain 设置为“example.com”,以便它们可以访问每个其他人的 DOM)。
由于我构建
要了解我在说什么,请在 IE 中加载此页面:
http://troy .onespot.com/static/3263/stage1.html
您应该看到 JavaScript 错误:“访问被拒绝。”
为了解决这个问题,我设置动态创建的
http://troy.onespot.com/static/3263/stage2.html
这样就解决了安全问题,让我可以将原本想要写入的文档写入
http://troy.onespot.com/static/3263/stage3.html
有了该文档,我的小部件会对我们的服务器进行一些轮询以获取我想要的一些 HTML 内容插入到另一个
http ://troy.onespot.com/static/3263/stage4.html
问题来了。当我获取该 HTML 内容并将其插入到第二个
http://troy.onespot.com/static/3263/stage5。 html
如果您点击“Google”链接,一切似乎都很好。但是,当导航回上一页(具有后一个测试脚本)时,会引入另一个 JavaScript 错误:“权限被拒绝”。这不会终止脚本,并且似乎没有任何不良影响,除了我认为它连接到损坏的“后退”按钮功能这一事实,这是一个非常大的问题 - 我正在拼命尝试解决这个问题解决。我无法调试这个错误,因为它的调用堆栈在 jQuery 脚本中启动和停止。
您也可能会遇到此错误 - 具有更严重的症状 - 通过转到上面的最后一个链接(stage5.html - 首先清除浏览器缓存)。单击“第 5 阶段(再次)”链接,然后在该页面加载后单击“返回”按钮。
“返回”按钮完全坏了!除了另一个 URL,你不能去任何地方。
这是我需要尽快解决的问题。任何见解或帮助将非常感激!
我不能太多地偏离这个方法,所以开箱即用的建议绝对受欢迎,但由于小部件规范的限制,我可能无法使用它们。我更愿意了解“后退”按钮损坏的原因以及如何修复它,以及与 jQuery 相关的“权限被拒绝”错误。
This is a very urgent problem and I'd be forever indebted to anyone who can lend some insight.
I'm going to be deploying a widget (called the "ISM") to a third-party site. That site uses the document.domain JavaScript property to relax cross-domain restrictions (e.g., setting document.domain in "a.example.com" and "b.example.com" to both "example.com" so they can access each other's DOMs).
This causes problems with my script in Internet Explorer due to the way that I construct an <iframe> that is used to display my widget's HTML content. In Internet Explorer, using document.domain on a page, and then creating an <iframe> with JavaScript, will cause you to be immediately "locked out" of the <iframe> - i.e., you can create it, but it's not created in the correct document.domain, so you're not able to access its DOM due to security restrictions. This isn't a problem in any other browser.
To see what I'm talking about, load this page in IE:
http://troy.onespot.com/static/3263/stage1.html
You should see a JavaScript error: "Access is denied."
To get around this, I'm setting the dynamically created <iframe>'s "src" attribute to load a static HTML file that's hosted in the same domain (different subdomain), and setting its document.domain property to the appropriate value:
http://troy.onespot.com/static/3263/stage2.html
That gets around the security issue, and lets me write the document I originally wanted to write to the <iframe>:
http://troy.onespot.com/static/3263/stage3.html
With that document in place, my widget does some polling to our server to get some HTML content that I want to insert into another <iframe>, which will be visible to visitors of the parent page. I've roughly simulated that here (using static content, not actually contacting our server):
http://troy.onespot.com/static/3263/stage4.html
Here comes the problem. When I get that HTML content and insert it into the second <iframe>, I now face an unusual issue with a broken "Back" button. This happens in Firefox 3.0 and all version of IE (possibly other browsers), though it does not happen in some browsers I've tested (Firefox 3.5, Safari, Chrome). See this page:
http://troy.onespot.com/static/3263/stage5.html
If you click the "Google" link, all seems fine. But, when navigating back to the previous page (that has the latter test script), another JavaScript error is introduced: "Permission denied." This does not terminate the script, and does not appear to have any ill effects, other than the fact that I assume it's connected to the broken "Back" button functionality, which is a very big problem - the one I'm desperately trying to solve. I'm at a loss to debug this error since its call stack starts and stops in the jQuery script.
You can also encounter this error - with more serious symptoms - by going to the last link above (stage5.html - clear your browser cache first). Click the "Stage 5 (Again)" link, then, after that page has loaded, click the "Back" button.
The "Back" button is completely broken! You can't go anywhere except to another URL.
This is the problem that I need to solve as soon as possible. Any insights or help would be extremely appreciated!
I can't deviate from this method too much, so outside-the-box suggestions are definitely welcome, but I may not be able to use them due to the constraints of the widget's specifications. I would prefer to understand why the "Back" button is breaking and how to fix it, along with the "Permission denied" error related to jQuery.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
由于存在多个域,因此尝试修复此问题确实很困难。我听说的一件事是 IE 将空白 src 或“about:blank”视为不同的域,但它将“javascript:”“”视为同一域。您是否尝试过更改第一阶段以将 iframe src 设置为以下内容:
或者:
It's really hard to try out fixes for this because of the multiple domains. One thing I've heard is that IE treats a blank src or "about:blank" as a different domain, but it treats 'javascript:""' as the same domain. Have you experimented with changing stage one to set the iframe src to things like:
Or:
部分问题似乎是当我单击“Stage 5 Again”链接时,IE(至少是 IE 7)向历史记录中添加了两个名为“Domain”的条目。当您使用“后退”按钮旁边的小下拉箭头时,您将看到页面的历史记录,允许您后退不止一步。我看到前两个条目被列为“域”,单击其中一个条目会将我带到同一页面。第四个位置(在当前页面、域、域之后)是指向原始 stage5.html 页面的正确“ISM 返回按钮”链接。
因此,问题并不完全是后退按钮不起作用,而只是添加了历史记录中的条目,因此后退按钮会将您带到错误的位置。我不知道为什么这些“域”条目被添加到历史记录中,但希望这有助于为您指明有用的方向。
祝你好运!
Part of the problem seems to be that IE (at least IE 7) adds two entries to the history named "Domain" when I click on the "Stage 5 Again" link. When you use the little drop-down arrow next to the Back button you'll see the history of pages allowing you to step back more than one step. I see the previous two entries are listed as "Domain" and clicking either of those brings me to the same page. The fourth spot (after Current Page, Domain, Domain) is the correct "ISM Back Button" link to the original stage5.html page.
So the problem isn't exactly that the back button doesn't work, but just that the entries in the history are added and so the back button takes you to the wrong place. I don't have an answer as to why those "Domain" entries are being added to the history, but hopefully this helps point you in a useful direction.
Good luck!