Javascript 书签在某些网站上失败,创建幽灵般的新页
我注意到我的 Javascript 书签在某些网站上失败,例如 Google Reader 和 Google 搜索结果页面(以及随机在一些非 Google 网站上)。查看控制台,我可以看到,对于这些页面,单击小书签并没有像通常那样将元素附加到头部/正文,而是创建了一个如下所示的新文档:
<html>
<head></head>
<body></body>
</html>
即使当我将小书签减少为 javascript:alert(window.location.href); 它将创建此空白页面并在其中运行小书签,以便警报显示 about:blank。在大多数站点上,不会创建此空白页面,并且会显示正确的位置。
有人可以解释一下吗?这些网站是否将外部运行的代码沙箱化作为安全措施?
更新:目前我无法在 Chrome 17.0.932.0 开发版以外的浏览器上重现此问题。如果其他人可以在 Chrome 或其他设备上重现这些结果,请告诉我。
I noticed that my Javascript bookmarklet was failing on certain sites like Google Reader and Google search results pages (and randomly on some non-Google sites). Looking at the console, I could see that, for these pages, clicking the bookmarklet did not append elements to the head/body like it normally did, but created a new document that looked like this:
<html>
<head></head>
<body></body>
</html>
Even when I reduced my bookmarklet to javascript:alert(window.location.href); it would create this blank page and run the bookmarklet therein, so that the alert showed about:blank. On most sites, this blank page is not created and the correct location is shown.
Can someone explain this? Are these sites sandboxing externally run code as a safety measure?
UPDATE: I currently can't reproduce this on browsers other than Chrome 17.0.932.0 dev. Please let me know if anyone else can reproduce these results on Chrome or otherwise.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
我认为这是 Google Chrome 中的一个错误,我已将其提交到他们的错误数据库中: https ://bugs.webkit.org/show_bug.cgi?id=72606
I think this is a bug in Google Chrome, I've filed it to their bug database: https://bugs.webkit.org/show_bug.cgi?id=72606
您需要确保最上面的代码,即
javascript:之后的代码不返回任何内容。通常这是通过将所有内容包装在
void()中来完成的:很奇怪的是,它与
alert()中断,因为函数本身不返回任何内容......You need to ensure that the topmost code, i.e. the one right after
javascript:does not return anything.Usually this is done by wrapping everything in
void():It's very odd that it breaks with
alert()though since the function itself doesn't return anything...如果
javascript:url 返回一个字符串,它将用于创建一个新文档:如果您不知道要注意的话,这可能是一个很难调试的问题。如果您使用返回字符串的函数或以设置字符串值的行结束小书签,则可能会出现这种情况:
一个简单的解决方案是使用闭包:
另一种方法是以
void 0; 结尾>If a
javascript:url returns a string it will be used to create a new document:This can be a tough issue to debug if you don't know to watch out for it. It can crop up if you use a function that returns a string or end your bookmarklet with a line that sets a string value:
A simple solution is to use a closure:
An alternative is to end with
void 0;