如何在iframe之外操纵历史记录

时间:2016-06-13 14:52:55

标签: angularjs html5 iframe

我正在编写一个简单的角度应用程序,我想制作类似于浏览器的东西:输入框用户可以输入网址,iframe显示网址内容,用户可以按回去的按钮

我在iframe中使用$ sce到ng-src来接受任何网站用户输入。但由于CORS问题,无法实现历史记录功能。

有可能实现吗?感谢

JS

$scope.testurl = $sce.trustAsResourceUrl("http://www.baidu.com");
$scope.backPage = function () {
  var ifr = document.getElementById("myIframe");
  ifr.contentWindow.history.back();
}

HTML

<ion-view view-title="Account">
  <ion-content>
    <div ng-click="backPage()">BACK</div>
    <iframe id="myIframe" style="height:500px;width:100vw" ng-src="{{testurl}}"></iframe>
  </ion-content>
</ion-view>

错误

Error: Blocked a frame with origin "http://localhost:8101" from accessing a cross-origin frame.
    at Error (native)
    at Scope.$scope.backPage (http://localhost:8101/js/controllers.js:32:24)
    at fn (eval at compile (http://localhost:8101/lib/ionic/js/ionic.bundle.js:27638:15), <anonymous>:4:215)
    at http://localhost:8101/lib/ionic/js/ionic.bundle.js:65427:9
    at Scope.$eval (http://localhost:8101/lib/ionic/js/ionic.bundle.js:30395:28)
    at Scope.$apply (http://localhost:8101/lib/ionic/js/ionic.bundle.js:30495:25)
    at HTMLDivElement.<anonymous> (http://localhost:8101/lib/ionic/js/ionic.bundle.js:65426:13)
    at defaultHandlerWrapper (http://localhost:8101/lib/ionic/js/ionic.bundle.js:16787:11)
    at HTMLDivElement.eventHandler (http://localhost:8101/lib/ionic/js/ionic.bundle.js:16775:9)
    at triggerMouseEvent (http://localhost:8101/lib/ionic/js/ionic.bundle.js:2953:7)

2 个答案:

答案 0 :(得分:2)

使用window.history对象。

// For the current window
window.history.back();     
window.history.forward();

// For an iframe's window
iframe.contentWindow.history.back(); 
iframe.contentWindow.history.forward();

iframe.contentWindow.history.go(-1); // back
iframe.contentWindow.history.go(1);  // forward

https://developer.mozilla.org/en/dom/window.history

答案 1 :(得分:1)

  

对于不仅可以作为链接安全使用的URL,但其内容也可以安全地包含在您的应用程序中。示例包括除IMG之外的标签的ng-include,src / ngSrc绑定(例如IFRAME,OBJECT等)

     

请注意,$ sce.RESOURCE_URL对URL的声明比$ sce.URL更强,因此需要值为$ sce.RESOURCE_URL的值的上下文可用于需要$ sce.URL可信任值的任何地方。

Doc

app.config(function($sceDelegateProvider) {
 $sceDelegateProvider.resourceUrlWhitelist([
    // Allow same origin resource loads.
    'self',
    // Allow loading from our assets domain.  Notice the difference between * and **.
    'http://www.baidu.com'
  ]);

  // The blacklist overrides the whitelist so the open redirect here is blocked.
  $sceDelegateProvider.resourceUrlBlacklist([
    'http://myapp.example.com/clickThru**'
  ]);
});