c# - 写入 C# 变量的不安全 JavaScript 错误

Question

我在页面中有一些 JavaScript，它获取模块 Window 传递的值并将其分配给 C# 变量，因此它可以在后面的代码中使用。所以我的 JavaScript 看起来像:

JavaScript

<script type="text/javascript">

       function openSecure(args) {
           var manager = $find("<%= rwmSecure.ClientID %>");
           var domain = '<%=ConfigurationManager.AppSettings("CPCDomain").ToString %>';
           var URL;

           if (domain == 'localhost') {
               URL = 'http://localhost';
           }

           URL += "/WindowPage.aspx?args=" + args;
           manager.open(URL, "rwSecure");
       }
       function OnClientCloseSecure(oWnd, args) {
           var arg = args.get_argument();

           if (arg) {

               var ResultCode = arg.ResultCode;
               document.getElementById("hdnResultCode").value = ResultCode;
               var AuthCode = arg.AuthCode;
               var ReferenceNumber = arg.ReferenceNumber;
               var TransactionID = arg.TransactionID;
               var ErrorCode = arg.ErrorCode;
               var ErrorDescription = arg.ErrorDescription;
               var CardNumber = arg.CardNumber;
               var PONumber = arg.PONumber;
               //document.getElementById('<%=btn.ClientID %>').click();

               __doPostBack('pnlComplete', '');
           }
       }       
</script>

并进一步澄清这一点。模块窗口从 localhost 拉入页面，但模块窗口是从 localhost:61156 上的页面调用的。因此，一旦 javascript 设置了变量，它还会在 asp.net 按钮上发出单击命令以运行一些代码:

C#代码

protected void btn_Click(object sender, EventArgs e)
{
    if (string.IsNullOrEmpty(hdnResultCode.Value)) {
        dspConfirm();
        pnlComplete.Visible = false;
        pnlConfirm.Visible = true;
    } else {
        dspComplete();
        pnlComplete.Visible = true;
        pnlConfirm.Visible = false;
    }

}

所以当我运行它时，我得到一个 javascript 错误，上面写着:

Unsafe JavaScript attempt to access frame with URL http://localhost/SecurePayment.aspx?args=H4sIAAAAAAAEAOy9B2AcSZYlJi9tynt%2fSvVK1%2bB0oQiAYBMk2JBAEOzBiM3mkuwdaUcjKasqgcplVmVdZhZAzO2dvPfee%2b%2b999577733ujudTif33%2f8%2fXGZkAWz2zkrayZ4hgKrIHz9%2bfB8%2fIr578jMnL09%2b5k3etG%2fqbNlk07aolj%2bzi%2bdndsY7u%2f9PAAAA%2f%2f8VkT5ZIQAAAA%3d%3d&rwndrnd=0.23641548841260374 from frame with URL http://localhost:65116/ShoppingCart.aspx. Domains, protocols and ports must match.
b.RadWindow._registerChildPageHandlersScriptResource.axd?d=vMihE91hOtu6KBE47c3D9AjqD9Il5YI4LpCLhSvp5YZn6p98cl2a_AbJJmNWVZfnmjtLnCnYEoaBHBC919OsikIEmKq8TGOzWNWN_HUBLLo8fW7DdN4EuN3Q076lAa_FOwh_Yk2b3DL-W2Fv0&t=38ec0598:1125
b.RadWindow._onIframeLoadScriptResource.axd?d=vMihE91hOtu6KBE47c3D9AjqD9Il5YI4LpCLhSvp5YZn6p98cl2a_AbJJmNWVZfnmjtLnCnYEoaBHBC919OsikIEmKq8TGOzWNWN_HUBLLo8fW7DdN4EuN3Q076lAa_FOwh_Yk2b3DL-W2Fv0&t=38ec0598:1143
(anonymous function)ScriptResource.axd:47
Sys$UI$DomEvent$addHandler.browserHandlerScriptResource.axd:4048

那么有什么可能的解决方法或解决方法吗？这两天我一直在挠头，我准备扔掉我的键盘。 :) 谢谢!

Answer 1

您的 javascript 错误信息非常丰富。

Unsafe JavaScript attempt to access frame with URL http://localhost/SecurePayment.aspx?args=... from frame with URL http://localhost:65116/ShoppingCart.aspx. Domains, protocols and ports must match.

这听起来像是 Same Origin Policy 的异常

The policy permits scripts running on pages originating from the same site to access each other's methods and properties with no specific restrictions, but prevents access to most methods and properties across pages on different sites.[1]

和

The term "origin" is defined using the domain name, application layer protocol, and (in most browsers) port number of the HTML document running the script. Two resources are considered to be of the same origin if and only if all these values are exactly the same.

您的脚本正在您本地机器上的站点的特定端口上运行，但试图访问本地机器上不同端口上的页面。我将从那里开始。