Navigating the history of an external iframe
As a temporary transition from a series of old sites to a single new site, I'm having to display multiple websites in iframes, and I'm using jQueryUI's tabs to make it not look horrendous.
However, since there are multiple tabs, the browser history buttons might get confusing and annoying, so I'm trying to get forward/back buttons atop each tab to navigate their history.
The problem is, they're all external URLs, and I'm running into the usual security issues of XSS. My current attempt is
jQuery('#'+id).contents()[0].history.back();
However, as expected, I don't have permission to access the external document's history property.
The only other solution I can think of is tracking the iframe's src every time it changes, keeping it in a list, and changing it from that every time. I'd rather avoid this messy approach, if possible.
So, how can I navigate the history of an external iframe, getting around the XSS security?
Comments (2)
Maybe this is overkill but if you are out of ideas, you could try loading these external sites using something like PHP's CURL library so that they would all be from the same domain.
You could keep track of the source in the iframe as the user moves around, then use that list as needed... Yes, I am fully aware this is the alternate approach you suggested, sorry man, but I don't believe there is another way. Good luck with that approach though.
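The list-tracking approach from the comments, as an added example that is not code from the original thread: a per-tab history list kept by the parent page, which drives the iframe's src for back/forward. `TabHistory` and the `setSrc` callback are hypothetical names, and the list only sees URLs the parent page itself assigns, because the same-origin policy keeps the parent from reading where a cross-origin frame navigates on its own.

```javascript
// Added example: per-tab history kept by the parent page.
// TabHistory and setSrc are hypothetical names, not from the original thread.
class TabHistory {
  constructor(setSrc, initialUrl) {
    this.setSrc = setSrc; // callback that assigns the iframe's src
    this.entries = [];    // URLs the parent has loaded into this tab
    this.index = -1;      // position of the current entry
    if (initialUrl) this.visit(initialUrl);
  }

  // Record and load a URL chosen by the parent page.
  visit(url) {
    const parsed = new URL(url); // throws on malformed input
    // Allow only http(s) so javascript: or data: URLs never reach the frame.
    if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
      throw new Error('unsupported scheme: ' + parsed.protocol);
    }
    // Visiting after going back discards the forward entries, as a browser does.
    this.entries = this.entries.slice(0, this.index + 1);
    this.entries.push(parsed.href);
    this.index = this.entries.length - 1;
    this.setSrc(parsed.href);
  }

  canGoBack() { return this.index > 0; }
  canGoForward() { return this.index < this.entries.length - 1; }
  current() { return this.index >= 0 ? this.entries[this.index] : null; }

  back() {
    if (!this.canGoBack()) return false;
    this.index -= 1;
    this.setSrc(this.entries[this.index]);
    return true;
  }

  forward() {
    if (!this.canGoForward()) return false;
    this.index += 1;
    this.setSrc(this.entries[this.index]);
    return true;
  }
}

// In the page (id and startUrl are the page's own values):
//   const h = new TabHistory(u => jQuery('#' + id).attr('src', u), startUrl);
//   backButton.onclick = () => h.back();
```

Links the user clicks inside the framed site do not appear in this list, so the tab's back button returns to the last URL the parent loaded rather than the last page the user saw.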