iframe

Refused to display a frame because it set 'X-Frame-Options' to 'sameorigin'

纵然是瞬间 提交于 2019-12-23 02:28:31
问题 I am trying to set a iframe in the ionic3 but I am facing with this problem Refused to display a frame of webpages. This is my code. <ion-content> <div #frame style="width:100%; height:100%; overflow:scroll !important;-webkit-overflow-scrolling:touch !important"> <iframe [src]="url" class="iframe" scrolling="yes" ></iframe> </div> </ion-content> onInput() { this.open = true; this.url = this.domSanitizer.bypassSecurityTrustResourceUrl('https://www.youtube.com/embed/results?search_query=' +

Web安全之CSRF攻击的防御措施

折月煮酒 提交于 2019-12-23 02:15:27
Web安全之CSRF攻击的防御措施 CSRF是什么? Cross Site Request Forgery,中文是:跨站点请求伪造。 CSRF攻击者在用户已经登录目标网站之后,诱使用户访问一个攻击页面,利用目标网站对用户的信任,以用户身份在攻击页面对目标网站发起伪造用户操作的请求,达到攻击目的。 举个例子 简单版: 假如博客园有个加关注的GET接口,blogUserGuid参数很明显是关注人Id,如下: http://www.cnblogs.com/mvc/Follow/FollowBlogger.aspx?blogUserGuid=4e8c33d0-77fe-df11-ac81-842b2b196315 那我只需要在我的一篇博文内容里面写一个img标签: <img style="width:0;" src="http://www.cnblogs.com/mvc/Follow/FollowBlogger.aspx?blogUserGuid=4e8c33d0-77fe-df11-ac81-842b2b196315" /> 那么只要有人打开我这篇博文,那就会自动关注我。 升级版: 假如博客园还是有个加关注的接口,不过已经限制了只获取POST请求的数据。这个时候就做一个第三方的页面,但里面包含form提交代码,然后通过QQ、邮箱等社交工具传播,诱惑用户去打开,那打开过博客园的用户就中招了

x-frame-option SAMEORIGIN and clickjacking in ASP.NET

依然范特西╮ 提交于 2019-12-23 02:05:32
问题 The application had problems with allowing to be loaded into iframe. I have read a lot about it (and clickjacking). As it is necessary to load a page into the iframe withing the same origin, I have come to the following solution: Add the following to the global.asax file HttpContext.Current.Response.AddHeader("x-frame-options", "SAMEORIGIN") However, I know that not all browsers support this header. So, I want to add some additional javascript sollution. As I am not expert in javascript, I

How to get window size from cross-domain iframe in IE

半城伤御伤魂 提交于 2019-12-23 01:36:18
问题 In a cross domain scenario I need to know what's in the iframe size (width and height) when the javascript code running inside the iframe. (I can't climb to the parent because I'm in a cross domain iframe) Note: I don't want to use jquery. I tried several ways to get that info: var w = window.innerWidth || window.document.documentElement.clientWidth || document.getElementsByTagName('body')[0].clientWidth || document.body.offsetWidth var h = window.innerHeight || window.document

Appending Link To Head Of Iframe

為{幸葍}努か 提交于 2019-12-23 01:34:11
问题 I want to append element To head of an Iframe (fancybox) there is a strange problem : when I use Firefox to Breakpoint on line of code that append element to Head it works correctly but when I run site normally without firebug it does not work; I am using fancybox 1.3.4 and the code run in onComplete event var cssLink = document.createElement("link") cssLink.href = "/themes/furniture/css/test.css"; cssLink .rel = "stylesheet"; cssLink .type = "text/css"; var f123= document.getElementById(

html2canvas.js not Working in IE9/10/11

我只是一个虾纸丫 提交于 2019-12-23 01:19:30
问题 We want to capture screenshot of Div (HTML element) which is inside an IFrame. IFrame loads inside another Div at runtime in a html page. For capturing screenshot we are using html2canvas.js API. Code is working very well with Mozilla and Chrome but not working in IE9/10/11. The basic requirement is that to capture screenshot of Div and send that image byte-array to Flex application. Function which captures screenshot is: function capturImage() { html2canvas(document.getElementById('map

Playing youtube video using iframe in ionic 2 app

ⅰ亾dé卋堺 提交于 2019-12-23 01:04:17
问题 In an Ionic 2 app, I am trying to embed one youtube video using iframe. The code looks like this: <iframe width="320" height="315" src="https://www.youtube.com/embed/VIDEOID?autoplay=1&controls=1" frameborder="0" allowfullscreen></iframe> However when I navigate to the page I am getting this error. I can't find a good answer how to fix this. XMLHttpRequest cannot load https://googleads.g.doubleclick.net/pagead/id. A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when

Using jQuery to highlight elements, can't get to inner elements

限于喜欢 提交于 2019-12-22 20:45:14
问题 I'm trying to create somewhat of a highlighting/selecting tool [using jQuery] in my web app that watches what elements you hover over inside an iFrame, selects the hovered-over element, and uses that element's styling to create on overlaying div . Think of the element selection tool in your web inspector. Here's a demo that selects all visible elements (except html and body ). Hover over one: http://jsfiddle.net/PrAfG/3/ The problem I'm having is that if you move really quickly across the

select the immediate parent element of an iframe from the iframe

泪湿孤枕 提交于 2019-12-22 20:42:34
问题 I have the markup below: <html> <body> <div class="aaa"></div> <div class="aaa"></div> <div class="aaa"> <iframe> <form id="myform"> </form> </iframe> </div> <div class="aaa"></div> </body> </html> On loading the iframe , it contains the form '#myform'. Upon submission of the form, I need to run a certain callback based on the div.aaa that is the immediate parent of the iframe . Any solution based on parent.document cannot help me much, since I do not know the ID of the div.aaa . What I'd

How to give javascript alert from web context(Iframe) in metro app.

安稳与你 提交于 2019-12-22 20:33:19
问题 In my metro app ..I am using iframe to load a web application - basically a form which contains some controls and finally user click on finish button and i want to show alert i know in metro app. we can give the alert using "new Windows.UI.PopupMessage" to show the alert. but how can i do the same from the web context(Iframe). i have a function (showalert();) in my default.js where i am using the "new Windows.UI.PopupMessage" to show messages. if i am trying to access this function from
订阅 iframe