在 javascript postmessage 上到本地磁盘上的父级 HTML iframe
我正在开发一个项目,该项目涉及在 iframe 中托管网页,而托管父 iframe 位于本地磁盘上的 HTML 文件中,例如在 c:\;而内部托管 iframe 位于某个服务器上。两个网页需要互相发送消息。
父 iframe(在本地磁盘上)向内部框架发送消息没有问题,因为它知道内部 iframe 的域;
但是,当内部 iframe 需要将消息发送回父 iframe 时,它需要提供本地磁盘上的父 iframe 的域。
我在内部 HTML 中尝试了以下操作,将消息发送到其位于本地磁盘上的父 IFrame:
*var messageToSend = {
jsonrpc: "2.0",
result: [result]
};
window.parent.postMessage(JSON.stringify(messageToSend), "file://");*
// window.parent IFrame is a HTML file that is on Local disk
但是当我尝试使用“file:”作为 postmessage 中的域时返回父 iframe,我收到“无效参数”错误。
有人可以帮忙吗? “本地盘html”的域名应该是什么?任何提示将不胜感激。
干杯
I am working on a project that involves hosting a webpage in a iframe, while the hosting parent iframe is in a HTML file on local disk, say on c:\; while the inner hosted iframe is on some server. The two webpages need to do postmessage to each other.
There is no problem for the parent iframe (on local disk) to postmessage to the inner frame, since it knows the domain of the inner iframe;
But when the inner iframe need to postmessage back to the parent iframe, it need to provide the domain of the parent iframe which is on local disk.
I tried the following in the inner HTML to postmessage to its parent IFrame, which is on local disk:
*var messageToSend = {
jsonrpc: "2.0",
result: [result]
};
window.parent.postMessage(JSON.stringify(messageToSend), "file://");*
// window.parent IFrame is a HTML file that is on Local disk
But when I try using "file:" as the domain in postmessage back to the parent iframe, I am getting a "Invalid argument" error.
Can some one help? What should the domain of "local disk html" be? Any hints will be highly appreciated.
Cheers
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我不知道如何指定“文件”,我猜没有办法,因为它没有多大意义。源的目的是防止其他(可能是恶意的)页面看到您的消息,但如果源只是硬盘上的任何文件,则任何人都可以通过创建带有框架的 html 文件并从以下位置加载您的网页来看到它你的服务器。因此,指定“file”(即使有办法)并不比指定“*”更安全,因此只需使用“*”即可避免头痛。
I don't know how to specify "file", I'm guessing there is no way because it doesn't make much sense. The purpose of the origin is to prevent others (presumably malicious) pages from seeing your message, but if the origin is just any file on the hard disk, anyone could see it by creating an html file with a frame and loading your web page from your server. So specifying "file" (even if there were a way) is no more secure than specifying " * ", so just use " * " and save yourself the headache.