IFrame not rendered in JSF if using external URL

Submitted by 五迷三道 on 2020-01-25 03:30:09

Question


When I use an IFrame inside a JSF page that refers to an external web page, the page isn't rendered.

JSF Code:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:h="http://java.sun.com/jsf/html">

<f:loadBundle basename="resources.application" var="msg" />
<h:head>
<title>E-Payment Gateway</title>
<link type="text/css" rel="stylesheet"
    href="${facesContext.externalContext.requestContextPath}/resources/css/main_style.css" />

</h:head>

<h:body>
<f:view>
     <div style="height: 200px;">

    </div> 
    <div class="centercol" style="margin: auto;position: relative">
        <iframe
            src="http://google.com">
        </iframe>
    </div>
</f:view>
</h:body>
</html>

The HTML result:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head>

<title>E-Payment Gateway</title>

<link type="text/css" rel="stylesheet" href="/EPG_WEB_CUST/resources/css/main_style.css" /></head><body>
     <div style="height: 200px;">

    </div> 
    <div class="centercol" style="margin: auto;position: relative">
        <iframe src="http://google.com">
 #document<html><head></head><body></body></html></iframe>
    </div></body></html>

I don't know what causes this problem. It always displays empty rendered HTML.


Answer 1:


The problem is not with JSF or firewall.

You're trying to use http://google.com inside an iFrame which is in a different domain. This is a potential security threat; it is called Cross Site Scripting (XSS). The answer to your problem lies in the HTTP header of Google.

In order to avoid XSS attacks, Google has added the following headers.

X-FRAME-OPTIONS
X-XSS-PROTECTION

In other words, because of the above headers you cannot access them inside an iFrame which is in a different domain. Learn more about XSS here and about Same Origin Policy here.

Hope this solves your problem.
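
Added example, not part of the original answer or of any project's code: a JavaScript check that reads a response's headers and reports whether a browser would let another origin frame it. It covers the X-Frame-Options header named in the answer and goes beyond it to the CSP frame-ancestors directive. The origin https://portal.example and the sample headers are constructed placeholders.

```javascript
// Added example: would a browser let `embedderOrigin` frame a response from
// `targetOrigin`, given the response headers? Models one level of framing only.
function matchesHostSource(src, origin) {
  // Simplified CSP host-source: "scheme://host" or "scheme://*.host", exact scheme.
  // Sources carrying a port or path are not modelled and never match here.
  const m = /^(https?):\/\/(\*\.)?([a-z0-9.-]+)$/i.exec(src);
  if (!m) return false;
  const o = new URL(origin);
  if (o.protocol !== m[1].toLowerCase() + ':' || o.port !== '') return false;
  const host = m[3].toLowerCase();
  return m[2] ? o.hostname.endsWith('.' + host) : o.hostname === host;
}

function framingVerdict(headers, embedderOrigin, targetOrigin) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  const sameOrigin = new URL(embedderOrigin).origin === new URL(targetOrigin).origin;

  // A CSP frame-ancestors directive, when present, replaces X-Frame-Options.
  const directive = (h['content-security-policy'] || '')
    .split(';').map(s => s.trim())
    .find(d => /^frame-ancestors(\s|$)/i.test(d));
  if (directive) {
    const sources = directive.split(/\s+/).slice(1);
    const allowed = sources.some(src =>
      src === '*' ||
      (src === "'self'" && sameOrigin) ||
      (src !== "'none'" && matchesHostSource(src, embedderOrigin)));
    return { allowed, rule: 'frame-ancestors' };
  }

  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return { allowed: false, rule: 'X-Frame-Options: DENY' };
  if (xfo === 'SAMEORIGIN') return { allowed: sameOrigin, rule: 'X-Frame-Options: SAMEORIGIN' };
  return { allowed: true, rule: 'none' }; // other XFO values are not modelled
}

// Constructed sample: the question's page framing http://google.com.
// APP is a placeholder origin standing in for the JSF application.
const APP = 'https://portal.example';
console.log(framingVerdict({ 'X-Frame-Options': 'SAMEORIGIN' }, APP, 'http://google.com'));
console.log(framingVerdict({ 'Content-Security-Policy': "frame-ancestors 'none'" }, APP, 'http://google.com'));
```

On the application side, the same headers can be read from the Network tab of the browser's developer tools for the iframe's request.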



Source: https://stackoverflow.com/questions/19933216/iframe-not-rendered-in-jsf-if-using-external-url
