2011-09-20 68 views
0

Ajax.Request to an external site: XSS or not?

I assumed the code below would not work because what I am attempting is XSS, but I tried a redirect to a local port to confirm, and it still does not work. Can someone tell me whether this is XSS and, if not, why it does not work?

<html> 
    <div id="output"></div> 
    <script src="prototype.js" type="text/javascript"></script> 
    <script type="text/javascript"> 
     // Constructor: the request target is a different origin than this page
     function test() 
     { 
     this.url = "http://www.google.com"; 
     } 

     // Fire the cross-origin GET via Prototype's Ajax.Request
     test.prototype.run = function() 
     { 
     var request = new Ajax.Request(this.url, 
      { 
       method: "get", 
       onSuccess: this.success.bind(this), 
       onFailure: function(response) { alert("failure"); } 
      }); 
     }; 

     // Dump every field of the response object into the #output div
     test.prototype.success = function(response) 
     { 
     var debug = "this.url = " + this.url + ",<br>" 
      + " response.status = " + response.status + ",<br>" 
      + " response.statusText = " + response.statusText + ",<br>" 
      + " response.readyState = " + response.readyState + ",<br>" 
      + " response.responseText = " + response.responseText + ",<br>" 
      + " response.responseXML = " + response.responseXML + ",<br>" 
      + " response.responseJSON = " + response.responseJSON + ",<br>" 
      + " response.headerJSON = " + response.headerJSON + ",<br>" 
      + " response.request = " + response.request + ",<br>" 
      + " response.transport = " + response.transport + ",<br>" 
      + " response.transport.readyState = " + response.transport.readyState + ",<br>" 
      + " response.transport.responseText = " + response.transport.responseText + ",<br>"; 
     document.getElementById("output").update(debug); 
     }; 

     new test().run(); 
    </script> 
</html> 

Answers

3

It is not XSS (that is a way of attacking the client side of a web application); it is simply the same origin policy at work here. You cannot just make an Ajax request to a domain other than your own (your own meaning the domain your web application was loaded from).

Read more about it here: http://en.wikipedia.org/wiki/Same_origin_policy

+1

Right. XSS is an attack. The same origin policy exists to prevent this type of attack. Otherwise a site could simply load data from Gmail or any other site and steal information. If you want to load data from an external site with Ajax, use a proxy on your own site and load the data through the proxy. – Erlend

+0

Right, exactly. –
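The same-origin check described in the answer, and the allow-listed proxy Erlend's comment recommends, as an added example that is not part of the original question or answers. It uses the standard URL class; the host names and the allow-list are constructed, and the proxy decision function is a hypothetical sketch of the check such a proxy should make before forwarding.

```javascript
// Added example (not from the original thread): why the Ajax.Request above
// fails, and what a server-side proxy should check before forwarding.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Reduce a URL to the (scheme, host, port) triple that the browser compares.
function originOf(urlString) {
  const u = new URL(urlString);
  return {
    scheme: u.protocol,
    host: u.hostname.toLowerCase(),
    // URL drops a default port, so restore it for a fair comparison.
    port: u.port || DEFAULT_PORTS[u.protocol] || "",
  };
}

// Two URLs share an origin only when scheme, host and port all match.
// Pages loaded from file: or other non-http(s) schemes get an opaque
// origin in browsers, so nothing is same-origin with them.
function isSameOrigin(pageUrl, targetUrl) {
  const a = originOf(pageUrl);
  const b = originOf(targetUrl);
  if (!(a.scheme in DEFAULT_PORTS) || !(b.scheme in DEFAULT_PORTS)) return false;
  return a.scheme === b.scheme && a.host === b.host && a.port === b.port;
}

// What happens to a plain XMLHttpRequest from pageUrl to targetUrl (no CORS):
// a cross-origin response is withheld from the script, which is why the
// author only ever saw the onFailure path.
function classifyRequest(pageUrl, targetUrl) {
  return isSameOrigin(pageUrl, targetUrl) ? "direct" : "blocked-by-same-origin-policy";
}

// Hypothetical proxy decision: the page calls its own origin, and the proxy
// forwards only to http(s) hosts on an explicit allow-list. Without such a
// list the proxy would fetch any URL an attacker supplies (SSRF).
function proxyAllows(targetUrl, allowedHosts) {
  const { scheme, host } = originOf(targetUrl);
  return scheme in DEFAULT_PORTS && allowedHosts.includes(host);
}

// Constructed sample: the author's page on a local port, targeting Google.
console.log(classifyRequest("http://localhost:8000/test.html", "http://www.google.com"));
console.log(proxyAllows("http://www.google.com/", ["www.google.com"]));
```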