我有一页,载有同一领域的另一页。 能否防止在设计页上打上这一文字,可以操纵DOM顶页(例如添加一个要素或文字)?
您可以尝试取消“危险”职能,但可避免匿名提及这些职能。
(function(){
var hiddenrefs = {};
hiddenrefs.dGetElementById = document.getElementById;
document.getElementById = null;
})();
等等。 然而,这将是一份 每一份的艰苦工作,一定会失败。 如果试图让使用者在一机范围内控制的环境中管理 Java字,那是一种错误的安全形式。 iframe can only issue top. place = “http://www.myevilpage.com”, 在这种情况下,它会为你带来任何结果。 (即使有不同的领域也是如此)。 轮机仍然可以把用户和各类新生事物重新定位,即使严格地说,可以进入母子OM。 允许用户使用联合材料法从来不会安全,而不会过滤恶意编码的来源代码,甚至通过过滤使其变得相当不安全,因为它最容易绕过过滤器。 许多人尝试过,许多人失败了。 我建议不要让用户使用 Java字。
最好的解决办法可能是在iframe上使用超文本5沙箱,这(违约)明确排除了给上级管理局的描述和同样的原始接触。
见。
How to get a selected text inside a iframe. I my page i m having a iframe which is editable true. So how can i get the selected text in that iframe.
I would like to click a link in my page using javascript. I would like to Fire event handlers on the link without navigating. How can this be done? This has to work both in firefox and Internet ...
Heres the problem, In Masterpage, the google analytics code were pasted before the end of body tag. In ASPX page, I need to generate a script (google addItem tracker) using codebehind ClientScript ...
Is there a reliable way to access the client machine s clipboard using Javascript? I continue to run into permissions issues when attempting to do this. How does Google Docs do this? Do they use ...
I have a large javascript which I didn t write but I need to use it and I m slowely going trough it trying to figure out what does it do and how, I m using alert to print out what it does but now I ...
Is it possible for someone to give me a few pointers on how to display a multidimensional array in the form of a bar graph? The array is multidimensional, with three elements in each part - and the ...
Is it possible to reload a form after file-input change? I have a form where the user can chose an image for upload. I also have a php script which displays that image resized. I only wonder if it ...
I ve made a little forum and I want parse the date on newest posts like twitter, you know "posted 40 minutes ago ","posted 1 hour ago"... What s the best way ? Thanx.