发表新帖
发表新帖

Open google document in a compact form / switching to a compact form

后端 未结
关注
2 1906
刺人心
刺人心 2021-01-27 04:32

In my project I load a google document into a separated div. Google document interface includes a button which hides the menu and switches the view to a more compact form.

相关标签:
2条回答
  • 南笙
    2021-01-27 04:51

    Answer:

    Due to the same-origin policy it is not possible to execute JavaScript code to interact with contents inside an iframe from a domain that it does not share.

    Explanation:

    As it appears you have already discovered, the same-origin policy is a critical web application security policy dating back to 1995 which restricts the execution of scripts from one web page from interacting with another unless the two webpages share the domain.

    http://subdomain.domain.com/some/path.html and http://subdomain.com/som/other/path.html would be able to interact with each other under this policy as the protocols, ports, and domains are all shared between them. Changing any of these though, would result in a failure of the script interaction:

    Using the example domain http://subdomain.domain.com/path.html:

    • http://subdomain.domain.com/path2.html will work as only the path differs.
    • https://subdomain.domain.com/path.html will not work as the protocols differ.
    • http://subdomain.domain.com:894/path.html will not work as the ports differ.
    • http://subdomain2.domain.com/other-path.html will not work as the hosts differ.

    Note: Internet Explorer has a couple of exceptions where scripts will run for the cases where only the ports differ, or if the two domains are intranet domains, but this is non-standard.

    Reasoning:

    For cases like yours, it is relatively benign if scripts access other domains for click emulation or alert popups - but in other cases where personally identifiable or data payment information is being stored or transmitted, strict separation of the two domains is important to keep private information private.

    References:

    • Same-origin policy - MDN web docs
    • The Document Object Model (DOM) - MDN web docs
    • Make Google Docs, Sheets, Slides & Forms public
    0 讨论(0)
  • 臣服心动
    2021-01-27 05:00

    I think it is impossible due to the same-origin policy.

    0 讨论(0)
 看不清?
提交回复
热议问题