
I have a problem with loading data into an <object> using JavaScript. It refuses to work in Chrome, with no error message either.

You can see a minimal example to play with here: http://tinkerbin.com/HIqG0ypb


It is strange to me that browsers assume object.data could be set as a URI but display the content available at that URI. It sounds like a security flaw: full content could be injected into a page without using a frame. I wonder if test.com in your example has access to window.parent or something like that.

[EDIT]

So

<script type="text/javascript">
  function openFrame() {
    document.getElementById('testFrame').data="http://test.com";
  }
</script>

must be written for Chrome as:

<script type="text/javascript">
  function openFrame() {
    var el = document.getElementById('testFrame');
    el.data = "http://test.com";
    // Chrome does not re-fetch when only .data changes; reassigning
    // innerHTML forces the element to re-render with the new data URL.
    el.innerHTML = el.innerHTML;
  }
</script>

where testFrame is :

  <!-- object is not a void element in HTML, so it needs an explicit closing tag -->
  <object id="testFrame" type="text/html" style="overflow-x: hidden; width: 100%; height: 100%"></object>
answered 2012-06-28T13:18:52.330
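As an added example (not code from the original answer), the same load-plus-refresh step wrapped in a check that the URL is http(s) and on an origin allowlist, since a document loaded into <object type="text/html"> gets its own nested browsing context that can reference window.parent (what it may read there is still governed by the same-origin policy); the allowlist, element id and function names are assumptions.

```javascript
// Added example, not from the original post. Assumed names: allowedObjectUrl,
// loadIntoObject, and the allowlist passed in by the caller.

// Return the normalized URL if its scheme is http/https and its origin is on
// the allowlist; otherwise return null. Relative URLs, javascript:, data: and
// blob: URLs are all rejected, so untrusted input cannot pick the scheme.
function allowedObjectUrl(candidate, allowedOrigins) {
  let parsed;
  try {
    parsed = new URL(candidate); // no base: an absolute URL is required
  } catch (e) {
    return null;
  }
  if (parsed.protocol !== "http:" && parsed.protocol !== "https:") return null;
  if (!allowedOrigins.includes(parsed.origin)) return null;
  return parsed.href;
}

// Set object.data and make Chrome actually fetch the new document: Chrome
// does not re-fetch on a plain .data change, so (as the answer does) the
// element's innerHTML is reassigned to force a re-render. Returns the URL used.
function loadIntoObject(el, candidate, allowedOrigins) {
  const url = allowedObjectUrl(candidate, allowedOrigins);
  if (url === null) {
    throw new Error("refusing to load into <object>: " + candidate);
  }
  el.data = url;
  el.innerHTML = el.innerHTML; // the Chrome re-render trick from the answer
  return url;
}

// Browser usage (assumed id and allowlist):
// loadIntoObject(document.getElementById("testFrame"), "http://test.com/",
//                ["http://test.com"]);
```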