Geek asks and answers

Java script in IFRAME security issues

At http://imaginaryman-test.blogspot.com/, the typewriter is inside an IFAME. Everything works correctly in all browsers when you go to the site directly http://castedspell.com/mark/ , but when viewing the version built into IFRAME, it does not work in IE and causes errors in Chrome.

Insecure JavaScript is trying to access the frame from the URL http://imaginaryman-test.blogspot.com/ from a frame with the URL http://castedspell.com/mark/ . Domains, protocols, and ports must be consistent.

This is the source code of the built-in iframe https://github.com/totheleftpanda/typeWrite/tree/master/mark

I understand that this is a security problem, but I do not know how to fix it, and I can not find material that will help me solve the problem .

+3
source share
5 answers

The easiest way is to install a PHP proxy server (or any server) that simply receives the contents of the page from another domain and displays it. The only real drawback is that client cookies for the remote domain are not sent.

+3
source

Your only chance is something like easyXDM. (or do it manually using a hash, but prefer easyXDM)

. SO: -

. :
http://easyxdm.net/wp/2010/03/17/remote-procedure-calls-rpc/

EDIT:

firefox, " JavaScript ". Chrome .
, , . / , , -, javascripts.

+1

. , iframe, , , javascript . Javascript iframe iframe, javascript , .

, ​​ . , , , (, , , ) .

, , :

1) javascript?

2) ?

0
source

It may be simpler than the answers above. It looks like this function:

function playSound(){
    swf.playSound();
}

It is written on the DOM timeline before swf is actually assigned to swfObject in the function below.

I would recommend moving this feature further and then retesting.

0
source

More articles:


All Articles