问题
I learned the Javascript concept of same source of origin, which means Javascript code could only access the host where it is downloaded from.
My confusion is, I have developed Javascript code, store the code locally into a .js file and call Javascript code from another local html file. When I use IE to open the local html file, I find the Javascript could access any host, like Google and Bing.
Here is my code. My confusion is, seems the Javascript same original security restriction does not apply to locally running Javascript?
Javascript XMLHttpRequest issue
thanks in advance, George
回答1:
The same origin policy means that xmlhttp requests can be done to the same domain from which the js is loaded and executed, it is enforced by all browsers, also, if you are developing ajax code, there is no sense in executing it from a different domain from the one you will load the pages.
IE makes some exceptions on the SOP from local files, but these are edge situations and you shouldn't bother with them.
回答2:
When you say 'access any host' what do you mean?
Do you mean that you receive notification of when your code loads a URL on google, or do you mean you can interrogate the HTML DOM of the page that loads.
I very much doubt you can do the later. I recall from experience doing this (a while ago mind) that receiving notification that a page has loaded should be possible - it's just that you simply can't see or modify anything ON that page.
来源:https://stackoverflow.com/questions/1192716/javascript-same-origin-security-issue