问题描述
上周工作中,我们注意到,如果您尝试在iFrame中显示YouTube页面,则会看到一个页面,指出不允许这样做.显示的链接将您直接带到该页面.我们查看了其他社交媒体网站,Facebook和Twitter也都这样做.
Last week at work we noticed that if you try and display a YouTube page in an iFrame you are shown a page stating that this is not allowed. A link is shown that takes you direct to the page. We looked at other social media sites, both Facebook and Twitter also do this.
我有两个问题.一个是怎么做到的?我的猜测是这样的检查:
I have two questions. One how is this done? My guess is it's a check something like:
if(window != top){
// display 'error' page
}
另一个问题是为什么要这样做?我最初的想法可能是与安全性有关,但是我对安全性的考虑越多,我就越认为这是合法的事情或行销决定.
The other question is why is this done? My first thoughts were maybe it was to do with security but the more I've thought about it, the more I think it's a legal thing or a marketing decision.
推荐答案
网站不希望其他网站窃取其内容.我记得早在90年代就实施了类似的方法.您几乎回答了自己的问题.但是,这也是一个安全问题.至少在Twitter上,曾经有一些恶意站点会执行以下操作:
Websites don't want other websites stealing their content. I remember implementing something like this as far back as in the nineties. You pretty much answered your own question. However, it is also a security issue. At least with Twitter, there used to be some malicious sites, which would do the following:
- 在bs网站上发布或发布某些内容,以显示某种形式.
- 包括指向 http://twitter.com/share?text=SPAM_TEXT_HERE 的iframe
- 将iframe定位到bs网站表单按钮所在的位置.
- 滚动iframe,以使iframe中仅显示"Tweet"按钮.
- Make some bs website with something about tweeting or posting something, showing some kind of form.
- Include an iframe pointing to http://twitter.com/share?text=SPAM_TEXT_HERE
- Position that iframe into a place where a button for the bs site's form would be.
- Scroll the iframe so that only the "Tweet" button shows from the iframe.
这样,他们会让人们在其推文中发布垃圾邮件.
This way they would get people tweeting their spammy tweets.
这篇关于社交媒体网站阻止其他网站在iFrame中显示其页面的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!