How are bookmarklets (JavaScript in a link) verified by servers? How is security kept?

廉价感情. Submitted on 2020-01-14 04:56:08

Question


I've been trying to access different domains from my JavaScript (to pull the page title) but cannot because of the same-origin policy.

What I realized is that JavaScript "installed" into the browser via bookmarklets is not restrained by this policy.

This got me wondering how security is kept... for example, Delicious bookmarklets... I can just modify them and start ajaxing delicious.com... I don't plan on doing this, but likewise someone could do this to a bookmarklet that I create.

How do you create security here?

Do some sites allow public access via ajax?


Answer 1:


As far as the server is concerned, there is no such thing as AJAX. AJAX requests are just HTTP requests like any other.

The restriction of cross domain AJAX is done by the browser for the sake of avoiding cross site scripting attacks (you wouldn't want a third party ad to have access to your Stack Overflow session data and be able to ship that somewhere else, would you?).

The browser (apparently) does not limit "bookmarklets" in the same way. If you decided to put a bit of script into a bookmark, I guess the browser is perfectly happy to execute it.
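
The point that the server sees only HTTP requests, shown as an added example (not part of the original answer or of any site's code): a hypothetical request handler in which a credential decides access, while CORS headers only tell a browser which pages may read the response. The origin, token, paths and function names are constructed for illustration.

```javascript
// Constructed sample data: a hypothetical trusted front end and one API token.
const ALLOWED_ORIGINS = new Set(["https://app.example.test"]);
const API_TOKENS = new Map([["tok-constructed-123", "alice"]]);

// Decide the response for one request: { method, path, headers }
// (header names lower-cased, as Node's http module delivers them).
function handle(req) {
  const origin = req.headers["origin"];
  const headers = { Vary: "Origin" };

  // Deliberately public endpoint: script on any page may read it.
  if (req.path === "/public/ping") {
    headers["Access-Control-Allow-Origin"] = "*";
    return { status: 200, headers, body: "pong" };
  }

  // CORS only tells a browser which pages may read the response.
  // The Origin header is client-supplied, so it is never used as a credential.
  if (origin && ALLOWED_ORIGINS.has(origin)) {
    headers["Access-Control-Allow-Origin"] = origin;
    headers["Access-Control-Allow-Headers"] = "Authorization";
  }
  // Preflight: answer without data; untrusted origins get no allow headers.
  if (req.method === "OPTIONS") return { status: 204, headers, body: "" };

  // Access is decided by the credential alone, whatever client sent the
  // request: page script, bookmarklet or command-line tool.
  const auth = req.headers["authorization"] || "";
  const user = auth.startsWith("Bearer ")
    ? API_TOKENS.get(auth.slice("Bearer ".length))
    : undefined;
  if (!user) {
    return { status: 401, headers, body: "authentication required" };
  }
  return { status: 200, headers, body: `bookmarks for ${user}` };
}
```
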



Source: https://stackoverflow.com/questions/10768768/how-are-bookmarklets-javascript-in-a-link-verfied-by-servers-how-is-security
