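Same-origin policy not working
I want to understand the same-origin policy through a small demo I created. But somehow something has gone wrong. Below are the HTML files for 2 different domains (I am hosting the virtual domains on XAMPP):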
domain1.com
<html>
<title>
DOMAIN1.COM
</title>
<script>
function showTheirSecret()
{
var stolenSecret=document.getElementById('stealSecret').contentWindow.document.getElementsByName("mySecret")[0].value;
if (stolenSecret)
{
alert("Script on this page accessed the secret box and says "+stolenSecret);
}
else
alert("Script on this page can not access the secret box!! ");
}
</script>
<body>
WELCOME TO <h1>domain1.com</h1><br>
This is the contents on domain1.com. <br>
These can not be accessed by domain2.com
<br>
<br>
<iframe id="stealSecret" src="http://localhost/~user/training/domain2.com/"></iframe>
<br>
<br>
<h2>
Click the "ok" button to see domain 2's secret text.
</h2>
<input type="button" value="stealData" onclick="javascript:showTheirSecret()">
</body>
</html>
domain2.com
<html>
<title>
DOMAIN2.COM
</title>
<script type="text/javascript">
function showMe()
{
var secret=document.getElementsByName("mySecret")[0].value;
if(secret)
{
alert("Script on this page accessed the secret box and says "+secret);
}
else
alert("Script on this page can not access the secret box!! ");
}
</script>
<body>
WELCOME TO <h1>domain2.com</h1><br>
This is the contents on domain2.com. <br>
These can not be accessed by domain1.com
<br>
<h2>
Put your secret text here !!
</h2>
<h2>
Click the "ok" button to see your own text.
</h2>
<input type="password" name="mySecret" value ="">
<input type="button" value="ok" onclick="javascript:showMe()">
</body>
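Now let's say I am on domain1.com with the iframe (which holds domain2.com), and I put some text into the text box in the iframe. Now I click the "stealData" button. Ideally, what I expect is that the same-origin policy should kick in and I should not be allowed to access the contents of the text box in the iframe. Likewise, it should show up as an error in Firefox's JavaScript console. But that is not what actually happens. Why?
In your question you talk about "domain1.com" and "domain2.com", but in your HTML you have '
Hmm, I think I may just have gone wrong there. I suspected that, but I don't know how to get 2 different virtual domains on XAMPP on a Mac. Here: - http://f6design.com/journal/2012/03/11/configuring-virtualhosts-in-xampp-on-mac/ But I'm not sure whether it will work for me. XAMPP. Any help would be greatly appreciated. – qre0ct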
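The origin comparison behind the behaviour discussed in this thread, as an added example that is not part of the original posts: the browser compares only scheme, host and port, so two directories served from http://localhost share one origin. The parent-page URL and the function names are assumptions made for illustration.

```javascript
// Added example: origin comparison as applied to cross-frame DOM access.
// An origin is the tuple (scheme, host, port); the path is not part of it.

const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Return the origin tuple of a URL, or null for schemes that get an
// opaque origin (file:, data:, ...), which never match anything.
function originTuple(url) {
  const u = new URL(url);
  if (!(u.protocol in DEFAULT_PORTS)) return null;
  return {
    scheme: u.protocol,
    host: u.hostname, // lower-cased by the URL parser
    port: u.port || DEFAULT_PORTS[u.protocol], // empty string means default
  };
}

function sameOrigin(a, b) {
  const x = originTuple(a);
  const y = originTuple(b);
  if (x === null || y === null) return false;
  return x.scheme === y.scheme && x.host === y.host && x.port === y.port;
}

// Would a script on parentUrl be able to read the frame's document?
function frameAccess(parentUrl, frameUrl) {
  return sameOrigin(parentUrl, frameUrl)
    ? "allowed: same origin, the frame's document is readable"
    : "blocked: cross-origin, the browser refuses the access";
}

// Constructed sample inputs. The iframe src is the one from the question;
// the parent URL is an assumption (a sibling directory on the same server).
const CASES = [
  ["http://localhost/~user/training/domain1.com/",
   "http://localhost/~user/training/domain2.com/"],
  ["http://domain1.com/", "http://domain2.com/"],   // separate virtual hosts
  ["http://localhost/", "http://localhost:8080/"],  // port differs
  ["http://localhost/", "https://localhost/"],      // scheme differs
];

for (const [parent, frame] of CASES) {
  console.log(`${parent} -> ${frame}\n  ${frameAccess(parent, frame)}`);
}
```

Only the first pair is reported as allowed, which matches what the demo shows when both pages are loaded from localhost.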