Script tag hack + AJAX: how to communicate after the second level
I want to provide an embeddable JavaScript which will get a script from my server, which in turn will get some details from the user (the page which has my embeddable JS) and put them back onto my server. How do I go about achieving this?
This is the embeddable JS I provide:
<script>
(function() {
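read="This is the data which is entered by the user"; // global on purpose: the script from a.php reads it
// load the server-side script asynchronously
var istreet = document.createElement('script'); istreet.type = 'text/javascript'; istreet.async = true;
istreet.src = 'http://xyz.com/a.php';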
(document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(istreet);
})();
</script>
And this is the code on http://xyz.com/a.php:
$('<div id="content"></div>').appendTo('body');
$('#content').html('Some html to inject to the page\'s dom .');
$.get("http://xyz.com/process.php?dataToProcess="+read,function(data){
alert(data);
});
But I see that the line $.get("http://xyz.com/process.php?dataToProcess="+read,function(data){ leads to a cross-domain AJAX request.
I do not want to solve the cross-domain AJAX problem.
I want to be able to communicate between the two parties (the one with the embeddable script and my server) seamlessly.
Comments (2)
If all you need to do is a GET request, you can use JSON-P (http://en.wikipedia.org/wiki/JSON#JSONP).
In your JavaScript, the syntax would be something like this:
The "callback=?" property tells jQuery that this is a JSON-P request. jQuery will substitute some arbitrary string for the "?" (more details here: http://api.jquery.com/jQuery.getJSON/).
To make this work properly, you also need to change your process.php handler. The PHP handler should first read the value of the "callback" query parameter, and then wrap the response in that value.
For example, if $.getJSON() sends the parameter "callback=abcd" to the PHP page, the PHP page should return:
A few things to note:
Be sure to escape any user data you send to the server using encodeURIComponent();
If process.php modifies user data, you should be careful when using GET requests, as that could lead to XSRF attacks (http://en.wikipedia.org/wiki/Cross-site_request_forgery).
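The exchange this answer describes, as an added example that is not part of the original answer or of jQuery: it models the request URL the embed builds and the body process.php has to return, in plain JavaScript. The function names are hypothetical, and the callback-name allowlist and the escaping of `<` are assumptions added here beyond what the answer states.

```javascript
// Added example: models both halves of the JSON-P exchange in plain JavaScript.
// buildJsonpUrl, jsonpBody and roundTrip are hypothetical names; the server
// half is the logic process.php would need, not PHP code from the answer.

// Client half: encode user-entered data before it enters the query string.
function buildJsonpUrl(endpoint, userData, callbackName) {
  return endpoint +
    '?dataToProcess=' + encodeURIComponent(userData) +
    '&callback=' + encodeURIComponent(callbackName);
}

// Assumption: only plain identifiers (such as jQuery's generated names) are
// accepted, because the callback value is echoed into executable script.
const CALLBACK_RE = /^[A-Za-z_$][A-Za-z0-9_$]{0,63}$/;

// Server half: wrap the JSON payload in the validated callback name.
// JSON-P is always a GET, so this handler should only read, never modify data.
function jsonpBody(callbackName, payload) {
  if (typeof callbackName !== 'string' || !CALLBACK_RE.test(callbackName)) {
    return { status: 400, contentType: 'text/plain', body: 'invalid callback' };
  }
  // Escape characters that are valid JSON but unsafe inside a script response.
  const json = JSON.stringify(payload)
    .replace(/</g, '\\u003c')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
  return {
    status: 200,
    contentType: 'application/javascript; charset=utf-8',
    body: callbackName + '(' + json + ');'
  };
}

// Round trip with constructed input: request URL -> handler -> callback call.
function roundTrip(userData) {
  const url = new URL(buildJsonpUrl('http://xyz.com/process.php', userData, 'abcd'));
  const reply = jsonpBody(url.searchParams.get('callback'),
                          { echo: url.searchParams.get('dataToProcess') });
  let received;
  // Stand-in for the browser executing the returned script with abcd defined.
  new Function('abcd', reply.body)(function (data) { received = data; });
  return received.echo;
}

console.log(jsonpBody('abcd', { ok: true }).body); // abcd({"ok":true});
```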
I used the cross-domain iframe hack to communicate between the two different domains. I recommend reading this:
http://softwareas.com/cross-domain-communication-with-iframes