I m 期望开发一个网站,主办超5级游戏。 由于这些游戏有可能包括恶性 j片,我很想知道如何为主办这些游戏建立一个安全的环境。
似乎把游戏放在一旁是答案,但我对网站开发来说是一个相对新的问题,因此有些问题:
有一种简单的方式来安全地主办同一领域的游戏,或......
游戏是否必须在不同的领域进行,然后植根于一旁,以便与上级文件互动?
如果游戏是在另一个领域举行的,那么它能否以任何恶意的方式与东道国领域互动?
现场穿戴和过度装 co,将令人严重关切。 利用浏览器Same原产地政策将是你捍卫这一政策的宝贵方法。 ref1 ref2
coolgames.com vs mycoolgames.com) - This will segregate the origin-scope of your code from theirs.bob.mycoolgames.com, dave.mycoolgames.com) - This will help to segregate the origin of the different developers. Each will need to be careful to never scope cookies to .mycoolgames.com or they will overexpose themselves.You may also wish to further protect your own app by utilising the new Content Security Policy support in modern browsers. This will additionally help to mitigate against clickjacking attacks.
Regarding iframes:
您能解释一下,你为什么认为你需要一刀子? 哪些错误与旧式连接?
如果图形设计要求必须使用iframe,那么,如果把所有嵌入的游戏装入一个动态的网页,www.mycoolegas.com,如果你不保留任何敏感的系统、数据或代码,那么所有用户认证系统、CMS系统和数据只能放在*.coolegas.com。
<>First- 这是一个巨大的问题! 在设计一个基于框架的东道解决办法时,我提出了同样的问题。
<>二<>>>>>>-在经过短暂搜索后一 ve跨过<条形>沙箱/条码>
TLDR——它使开发商能够宣布哪一种安全选择将适用于iframe,让浏览器确定一种有针对性的限制性范围
因此,我发现一篇伟大的文章,为这一特征使用提供了真正的世界样本,并作了一些明确的解释(关于这个专题,here)。 简言之:
<iframe sandbox="security options goes here" src="your hosted page"></iframe>
安保方案包括:
- allow-forms allows form submission.
- allow-popups allows popups (window.open(), showModalDialog(), target=”_blank”, etc.).
- allow-pointer-lock allows (surprise!) pointer lock.
- allow-same-origin allows the document to maintain its origin; pages loaded from https://example.com/ will retain access to that origin’s data.
- allow-scripts allows JavaScript execution, and also allows features to trigger automatically (as they’d be trivial to implement via JavaScript).
- allow-top-navigation allows the document to break out of the frame by navigating the top-level window.
例如:
<iframe sandbox="allow-scripts allow-popups" src="https://mywebsite.com/hosted_page"></iframe>
值得一提的是,这一安全特征得到了高度支持(https://caniuse.com/iframe-sand Box”rel=“nofollow noreferer”>can I use for the relief)
www.un.org/Depts/DGACM/index_french.htm
I am trying to create a search text-field like on the Apple website. The HTML looks like this: <div class="frm-search"> <div> <input class="btn" type="image" src="http://www....
I have a div <div id="masterdiv"> which has several child <div>s. Example: <div id="masterdiv"> <div id="childdiv1" /> <div id="childdiv2" /> <div id="...
I m writing a php script to crop an image. The script overwrites the old image with the new one, but when I reload the page (which is supposed to pickup the new image) I still see the old one. ...
<form><input type="file" name="first" onchange="jsFunction(2);"> <input type="file" name="second" onchange="jsFunction(3);"</form> Possible to pass just numbers to the js ...
So I ve got a menu with a hover/selected state and it loads fine in IE6/IE7. However when I scroll down the page and put the element outside of the viewport and then back in I get a broken image! I ...
I am building some basic HTML code for a CMS. One of the page-related options in the CMS is "background image" and "stretch page width / height to background image width / height." so that with large ...
Is it possible to reload a form after file-input change? I have a form where the user can chose an image for upload. I also have a php script which displays that image resized. I only wonder if it ...
I d like to add a simple separator line in an aspx web form. Does anyone know how? It sounds easy enough, but still I can t manage to find how to do it.. 10x!