gpt4 book ai didi

jquery - 不安全的 JavaScript 尝试使用 URL 访问框架。它是本地的

转载 作者:行者123 更新时间:2023-12-01 01:28:24 26 4
gpt4 key购买 nike

我正在使用phonegap 构建一个jQuery 移动应用程序。当我尝试访问 iframe(可能是 webkit)中的页面时,存在不安全的 JavaScript 尝试访问框架的问题。框架页面和父页面都在本地,以file:///开头。我知道哪里有这样的问题 Unsafe JavaScript attempt to access frame in Google Chrome但我无法在手机上在启动时传递 --allow-file-access-from-files 开关。而且我也不想在互联网上部署我的应用程序。还有其他选择吗解决这个问题吗?最好不需要对浏览器做任何修改。谢谢。

最佳答案

我不确定 Webkit 是否遵循相同的规则,但有先例。

https://developer.mozilla.org/en/Same-origin_policy_for_file%3a_URIs

In Gecko 1.8 or earlier, any two file: URIs are considered to be same-origin. In other words, any HTML file on your local disk can read any other file on your local disk.

Starting in Gecko 1.9, files are allowed to read only certain other files. Specifically, a file can read another file only if the parent directory of the originating file is an ancestor directory of the target file. Directories cannot be loaded this way, however.

For example, if you have a file foo.html which accesses another file, bar.html, the load will succeed only if bar.html is either in the same directory as foo.html or in a directory contained within the same directory as foo.html.

This policy affects anything that does same-origin checks, including XMLHttpRequest, XSLT, and XBL.

For cross-window DOM access, each file is treated as a separate origin, with one exception: if a file is loaded from another file that would otherwise be able to load it following this same-origin policy, they are considered to have the same origin. This load can occur through a subframe, link, location set, call to window.open(), or the like.

For example, if the file /home/user/foo.html is a frameset and one of the frames is /home/user/subdir/bar.html, the frame and frameset are considered to share the same origin. On the other hand, if the file /home/user/subdir/foo.html is a frameset and the frame is /home/user/bar.html, the frame and frameset are considered to have different origins.

The new security.fileuri.strict_origin_policy preference, which defaults to true, can be set to false if the user doesn't want to strictly enforce the same origin policy on file: URIs.

关于jquery - 不安全的 JavaScript 尝试使用 URL 访问框架。它是本地的,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/7149776/

26 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com