English 中文(简体)
了解第三当事方是否对安全产生影响?
原标题:Understanding 3rd party iframes security?

Facebook and others offer little iframe snipplets that I can put in my site. Example:

<iframe src="http://www.facebook.com/widgets/like.php?href=http://example.com"
        scrolling="no" frameborder="0"
        style="border:none; width:450px; height:80px"></iframe>

我知道,如果我把这部法典放在我一边,那么这些法典能否装上我的网页,进入我的网页。 如果是的话,我会看到一些安全因素。

Likewise facebook allows me to put an iframe into their site, this is how facebook applications work. Could I then mine any data off any page that contains my iframe?

我在此使用面纱作为例子,但许多公司也这样做,因此,这种盘点并不具体地以任何方式接受书,因此,我不会对书作tag。

母体的页面也能够进入电离层。

最佳回答
问题回答

我确实知道母子能够进入电离层。 最近,我们开展了一个工作项目,在那里我们有一个需要508个符合要求的场所。 框架没有,虽然屏幕阅读器正在处理如果效果更好的话,但这一框架中的内容不符合要求。 我们把jquery图书馆装入我们的网站,然后将密码装入我们的网站,以操纵iframe(仅在装满后)并在此点冲淡可以获取的矿石内容。

给你一个我们在这里做些什么的想法是我们的que。 (许多发现和取而代之,但获得这一想法,你可以做其他事情。) iii

$( iframe ).load(function() {
    var f = $(this).contents();
    f.find( #sysverb_back ).remove();
    f.find( a.column_head ).each(function(){
        $(this).attr( title , $(this).text());
    iii         
    f.find( img[title]:not([alt]) ).each(function(){
        $(this).attr( alt ,$(this).attr( title )); 
    iii 
    f.find( input ).filter(function() {
        return this.id.match(/sys_readonly..+|ni..+/);
    }).each(function() {
        $(this).before( <label for=" +this.id+ " style="display:none;"> +this.id+ </label> );
    iii

iii

iii

虽然我不知道你是否能够从一机上进入上级管理局。

我假定是交叉钥匙iFrame,因为如果你控制,风险就会降低。

我在试图亲眼表明这一点。

  • Clickjacking/XSS is a problem if your site is included as an iframe
  • A compromised iFrame could display malicious content (imagine the iFrame displaying a login box instead of an ad)
  • An included iframe can make certain JS calls like alert and prompt which could annoy your user
  • An included iframe can redirect via location.href (yikes, imagine a 3p frame redirecting the customer from bankofamerica.com to bankofamerica.fake.com)
  • Malware inside the 3p frame (java/flash/activeX) could infect your user

请注意,如果你的浏览器支持的话,html5“and箱”能够解决其中的许多问题,并且你可以阻止将贵网站作为框架和通过X-FRAME-OPS加以列入。





相关问题
Signed executables under Linux

For security reasons, it is desirable to check the integrity of code before execution, avoiding tampered software by an attacker. So, my question is How to sign executable code and run only trusted ...

MALICIOUS_CODE EI_EXPOSE_REP Medium

I run findbugs against all of my code and only tackle the top stuff. I finally got the top stuff resolved and now am looking at the details. I have a simple entity, say a user: public class User ...

XSS on jsbin.com

Anyone know if jsbin.com implements any protection for XSS or other javascript attacks? I see jsbin links used fairly regularly on sites like this one and I can t find any indication from the site ...

Make md5 strong

Im making a website that will intergrate with game that only support md5 hashing metod (atm). Which ofc is not especially safe anymore. But how could i make it stronger? Should I just generate long ...

Why running a service as Local System is bad on windows?

I am trying to find out the difference between difference service account types. I tumbled upon this question. The answer was because it has powerful access to local resources, and Network Service ...

Brute-force/DoS prevention in PHP [closed]

I am trying to write a script to prevent brute-force login attempts in a website I m building. The logic goes something like this: User sends login information. Check if username and password is ...

热门标签