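I am trying to understand the same-origin policy through a small demo I created, but somehow something is going wrong. Here are the HTML files on 2 different domains (virtual domains which I am hosting in XAMPP):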
domain1.com
<html>
<title>
DOMAIN1.COM
</title>
<script>
function showTheirSecret()
{
var stolenSecret=document.getElementById('stealSecret').contentWindow.document.getElementsByName("mySecret")[0].value;
if (stolenSecret)
{
alert("Script on this page accessed the secret box and says "+stolenSecret);
}
else
alert("Script on this page can not access the secret box!! ");
}
</script>
<body>
WELCOME TO <h1>domain1.com</h1><br>
This is the contents on domain1.com. <br>
These can not be accessed by domain2.com
<br>
<br>
<iframe id="stealSecret" src="http://localhost/~user/training/domain2.com/"></iframe>
<br>
<br>
<h2>
Click the "ok" button to see domain 2's secret text.
</h2>
<input type="button" value="stealData" onclick="javascript:showTheirSecret()">
</body>
</html>
domain2.com
<html>
<title>
DOMAIN2.COM
</title>
<script type="text/javascript">
function showMe()
{
var secret=document.getElementsByName("mySecret")[0].value;
if(secret)
{
alert("Script on this page accessed the secret box and says "+secret);
}
else
alert("Script on this page can not access the secret box!! ");
}
</script>
<body>
WELCOME TO <h1>domain2.com</h1><br>
This is the contents on domain2.com. <br>
These can not be accessed by domain1.com
<br>
<h2>
Put your secret text here !!
</h2>
<h2>
Click the "ok" button to see your own text.
</h2>
<input type="password" name="mySecret" value ="">
<input type="button" value="ok" onclick="javascript:showMe()">
</body>
</html>
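Now let's say I am on domain1.com, which has the iframe (holding domain2.com), and I add some text to the textbox in the iframe. Now I click the "stealData" button. Ideally, what I expect is that the same-origin policy should kick in and I should not be allowed to access the contents of the textbox in the iframe. The same should be visible as an error in Firefox's JavaScript console. But this does not really happen. Why?
Answer 0 (score: 0)
Thanks, everyone. After going through RichieHIndle's comment, I realized that the domain setup itself was the mistake. The httpd-vhosts.conf entries for my domains were incorrect. Correcting this file did the job, and I got what I was expecting. I can see the same-origin policy in action.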
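
Added example, not part of the original question or answer: a small check that compares two URLs the way the same-origin policy does (scheme, host, port; the path is ignored) and reports which component differs. The iframe URL is the one from the question; the parent URL and the two virtual-host URLs are assumptions made for illustration.

```javascript
// Added example: origin comparison as the same-origin policy performs it.
// An origin is the (scheme, host, port) tuple; the path is not part of it.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

function originTuple(url) {
  const u = new URL(url);
  return {
    scheme: u.protocol,
    host: u.hostname.toLowerCase(),
    // URL.port is "" when the scheme's default port is in use
    port: u.port || DEFAULT_PORTS[u.protocol] || "",
  };
}

// Returns the tuple components that differ; an empty list means same origin.
function originDiff(parentUrl, frameUrl) {
  const a = originTuple(parentUrl);
  const b = originTuple(frameUrl);
  return ["scheme", "host", "port"].filter((k) => a[k] !== b[k]);
}

// True when a script in the parent may read the framed document's DOM.
function canScriptReachFrame(parentUrl, frameUrl) {
  return originDiff(parentUrl, frameUrl).length === 0;
}

// iframe src taken from the question
const FRAME_ON_PAGE = "http://localhost/~user/training/domain2.com/";
// Assumed parent URL: both "domains" served as directories of one host
const PARENT_ASSUMED = "http://localhost/~user/training/domain1.com/";
// Assumed URLs once each name is served by its own virtual host
const PARENT_VHOST = "http://domain1.com/";
const FRAME_VHOST = "http://domain2.com/";

for (const [p, f] of [[PARENT_ASSUMED, FRAME_ON_PAGE], [PARENT_VHOST, FRAME_VHOST]]) {
  const diff = originDiff(p, f);
  console.log(`${p} -> ${f}: ` +
    (diff.length ? `cross-origin (differs in ${diff.join(", ")})` : "same origin"));
}
```

Under these assumptions, the directory-based setup is a single origin, so the frame's DOM is readable; with separate virtual hosts the host component differs and the browser blocks the access.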