奇怪的 javascript XSS 错误
我正在设计一种在 iframe 之间进行通信的简单方法,尽管两个 URL 都有保存域,但我收到了奇怪的 XSS 错误。
Unsafe JavaScript attempt to access frame with URL file:///home/bryre/sharedData/Programs/javascript/pong/htdocs/connectionWindow.html from frame with URL file:///home/bryre/sharedData/Programs/javascript/pong/htdocs/connectionTest.html. Domains, protocols and ports must match.
我需要将它们放在服务器上才能使其正常工作吗?这是代码:
ConnectionTest.html
<html>
<head>
<title>connectionTest</title>
<script src='connection.js'></script>
</head>
<body>
<script>
var windowToConnectTo = document.createElement('iframe')
windowToConnectTo.src = 'connectionWindow.html'
document.body.appendChild(windowToConnectTo)
var connection = new Connection({});
connection.connect(windowToConnectTo, 10);
</script>
</body>
ConnectionWindow.html
<html>
<head>
<title>connectionTest</title>
<script src='connection.js'></script>
</head>
<body>
<script>
var connection = new Connection({});
</script>
</body>
connection.js
function Connection(commands){
this.inDiv = document.createElement('div')
this.inDiv.id = 'in'
this.inDiv.style.disply = 'none'
document.body.appendChild(this.inDiv)
this.commands = commands
}
Connection.prototype = {
attemptConnect: function(to){
to.document = (to.contentWindow || to.contentDocument)
if(to.document.document)
to.document = to.document.document
this.to = to.document.getElementById('in') //ERROR HAPPENS HERE
if(this.to == null)
return false
return true
},
connect: function(to, retryRate){
cThis = this
var interval = setInterval(function(){
if(cThis.attemptConnect(to))
clearInterval(interval)
}, retryRate)
}
}
I'm designing a simple way to communicate between iframes, and I am getting an odd XSS error, even though Both URLs have the save domain.
Unsafe JavaScript attempt to access frame with URL file:///home/bryre/sharedData/Programs/javascript/pong/htdocs/connectionWindow.html from frame with URL file:///home/bryre/sharedData/Programs/javascript/pong/htdocs/connectionTest.html. Domains, protocols and ports must match.
Do i need to have them on a server to get it to work? here is the code:
ConnectionTest.html
<html>
<head>
<title>connectionTest</title>
<script src='connection.js'></script>
</head>
<body>
<script>
var windowToConnectTo = document.createElement('iframe')
windowToConnectTo.src = 'connectionWindow.html'
document.body.appendChild(windowToConnectTo)
var connection = new Connection({});
connection.connect(windowToConnectTo, 10);
</script>
</body>
ConnectionWindow.html
<html>
<head>
<title>connectionTest</title>
<script src='connection.js'></script>
</head>
<body>
<script>
var connection = new Connection({});
</script>
</body>
connection.js
function Connection(commands){
this.inDiv = document.createElement('div')
this.inDiv.id = 'in'
this.inDiv.style.disply = 'none'
document.body.appendChild(this.inDiv)
this.commands = commands
}
Connection.prototype = {
attemptConnect: function(to){
to.document = (to.contentWindow || to.contentDocument)
if(to.document.document)
to.document = to.document.document
this.to = to.document.getElementById('in') //ERROR HAPPENS HERE
if(this.to == null)
return false
return true
},
connect: function(to, retryRate){
cThis = this
var interval = setInterval(function(){
if(cThis.attemptConnect(to))
clearInterval(interval)
}, retryRate)
}
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
它们没有任何域,它们是本地文件。使用 HTTP 服务器来访问它们。
They don't have any domain, they are local files. Use an HTTP server to access them.