如何使用文件协议在 Chrome/Webkit 中从一帧调用 JavaScript 函数到另一帧
我开发了一个应用程序,它在一个框架中包含一个项目列表;当单击某个项目时,它会在另一个框架中执行某些操作(加载图像)。
这曾经在所有浏览器中运行良好,包括 Chrome 3;现在它在 Firefox 中仍然可以正常工作,但在最新版本的 Chrome 中(我相信从 4 开始)它会抛出此错误:
不安全的 JavaScript 尝试从 URL (...) 的框架访问 URL (...) 的框架。 域、协议和端口必须匹配。
这显然是一个安全“功能”,但是有可能绕过它吗?
这是一个简单的测试:
index.html:
<html>
<frameset cols="50%,50%">
<frame src="left.html" name="left"/>
<frame src="right.html" name="right"/>
</frameset>
</html>
left.html:
<html>
<body>
<a href="javascript:parent.right.test('hello');">click me</a>
</body>
</html>
right.html:
<html>
<body>
<script>
function test(msg) {
alert(msg);
}
</script>
</body>
</html>
上面的代码在 Firefox 3.6 和 Chrome 3 中有效,但在 Chrome 5 中它会抛出上述错误...
编辑:
- 添加了框架集元素的 @cols 属性
- 实际上当且仅当页面使用 http 协议(并且来自同一域)提供时它才可以在 Chrome 中工作,但是我的问题是当页面是本地的并且从文件提供时:/ / 协议。然后它可以在 Firefox(所有版本)和 Chrome 3 中运行,但不能在 Chrome 5 中运行(我没有 Chrome 4,所以我不确定该特定版本(并且不知道是否可以下载特定的 Chrome 版本) ?)——但对于 Chrome 5,我非常确定它不起作用)。
I have developed an application that has a list of items in one frame; when one clicks on an item it does something in another frame (loads an image).
This used to work fine in all browsers, including Chrome 3; now it still works fine in Firefox but in recent versions of Chrome (I believe since 4) it throws this error:
Unsafe JavaScript attempt to access frame with URL (...) from frame with URL (...).
Domains, protocols and ports must match.
This is obviously a security "feature" but is it possible to get around it?
Here is a simple test:
index.html:
<html>
<frameset cols="50%,50%">
<frame src="left.html" name="left"/>
<frame src="right.html" name="right"/>
</frameset>
</html>
left.html:
<html>
<body>
<a href="javascript:parent.right.test('hello');">click me</a>
</body>
</html>
right.html:
<html>
<body>
<script>
function test(msg) {
alert(msg);
}
</script>
</body>
</html>
The above works in Firefox 3.6 and Chrome 3 but in Chrome 5 it throws the above error...
Edit:
- added the @cols attribute to the frameset element
- in fact it works in Chrome if and only if the pages are served with the http protocol (and from the same domain) but my problem is when pages are local and served from a file:// protocol. Then it works in Firefox (all versions) and Chrome 3 but not Chrome 5 (I don't have Chrome 4 so I'm not shure about that specific version (and don't know if it's even possible to download a specific Chrome version?) -- but for Chrome 5 I'm very sure it doesn't work).
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
请参阅密切相关问题的答案:使用文件协议调用 Chrome 中 iframe 中定义的 JavaScript 函数。
简而言之,使用
--allow-file-access-from-files启动 Chrome 可以“解决”问题,因为不会报告错误。当然,由于您是在 CD 上分发文件,因此您不太可能将其视为实际的解决方案。我建议为 Chromium bug 47416 加注星标,以鼓励 Chromium 开发者让 Chrome 更加符合 Gecko 的行为。
See the answers to the closely-related question: Call a JavaScript function defined in an iframe in Chrome using the file protocol.
Briefly, launching Chrome with
--allow-file-access-from-files"solves" the problem insofar as the error will not be reported.Of course, since you're distributing files on a CD, you're unlikely to view this an actual solution. I recommend starring Chromium bug 47416 to encourage the developers of Chromium to bring Chrome more into line with the behavior of Gecko.
我尝试了您的测试页面,它们在 Windows 上的 Chrome 4.1.249.1045 上运行良好(以及 Firefox 3.6.3 和 IE7 [修复下面的问题后])。所以我和佩卡一样(像往常一样):我认为问题一定出在其他地方。
它在 IE7 中不起作用,我花了很长时间才弄清楚为什么不起作用:您需要在
frameset上给出rows或cols标签,否则 IE 只加载一帧。 (如果我问的话,validator 会告诉我这一点。)I tried your test pages, and they work fine with Chrome 4.1.249.1045 on Windows (and Firefox 3.6.3, and IE7 [after fixing the issue below]). So I'm with Pekka (as usual): I think the problem must lie elsewhere.
It wasn't working in IE7 and it took me forever to figure out why not: You need to give either
rowsorcolson theframesettag, otherwise IE only loads the one frame. (The validator would have told me that if I'd asked it.)