Unsafe JavaScript attempt to initiate navigation for frame with URL

后端 未结 1 2013
清歌不尽
清歌不尽 2021-02-19 08:22

This is a bit complicated, please bear with me. Website A has a iframe that contains website B and website B has a iframe that contain website C.

There is a button on

相关标签:
1条回答
  • 2021-02-19 08:48

    You can find an explanation of this behavior in a comment of the Chromium source code. See here:

    https://code.google.com/p/chromium/codesearch#chromium/src/third_party/WebKit/Source/core/frame/Frame.cpp&sq=package:chromium&rcl=1438193817&type=cs&l=202

    Basically top-level windows have less restrictions regarding navigation than other windows. See restrictions for non top windows:

    A document can navigate its decendant frames, or, more generally, a document can navigate a frame if the document is in the same origin as any of that frame's ancestors (in the frame hierarchy).

    Where as for top window:

    Specifically, a document can navigate a top-level frame if that frame opened the document or if the document is the same-origin with any of the top-level frame's opener's ancestors (in the frame hierarchy).

    Reason for that is:

    Top-level frames are easier to navigate than other frames because they display their URLs in the address bar (in most browsers).

    So basically, for a non top window, it absolutely needs to be same origin to allow navigation, but for top windows, a frame that was opened by that window can navigate even if it's not same-origin. Which seems to be the problem you're facing, when B is top, the same origin doesn't apply, but when it's not top, then it applies.

    According to this, I'm not sure there's a straightforward, or any at all, solution.

    0 讨论(0)
提交回复
热议问题