How to use CSP on an iFrame

Time: 2019-05-30 12:05:55

Tags: javascript html css sandbox content-security-policy

I'm using an iFrame to include an external html source


<iframe src="https://good.com/main.html" scrolling="no" style="overflow: hidden; height: 700px;"></iframe>

But https://good.com/main.html imports and executes the following javascript

https://good.com/a.js
https://good.com/b.js
https://bad.com/c.js

Is there a way to prevent good.com/main.html from importing and executing bad.com/c.js? More specifically, to prevent resources whose domain differs from good.com/main.html?

I tried sandboxing the iFrame

but it still imports and executes https://good.com

Is it possible to prevent the source from importing and executing any external js?

I read about CSPs on iFrames but am not sure what they are for.

1 Answer:

Answer 0: (score: 1)

Broadly speaking, you can't. The iframe has its own CSP, and you cannot pass a policy through from the parent page.

That said, the "csp" attribute of the iframe element that you linked to in your question allows this to some extent. It lets you request that the iframe's source apply the CSP you set in the "csp" attribute; but you cannot enforce it, you can only ask. So, in theory, you could do:

<iframe csp="default-src 'none';" ...>

The iframe's source may or may not implement the CSP you requested.

Note that this is brand new and (reportedly) only supported in Chrome and Opera.