问题描述
我意识到这个跨站点脚本编写问题已经涉及,但是对于Web开发来说还是一个新问题我还有一些问题。
I realize this issue of cross site scripting has been covered, however being new to web development I had a few further questions.
目前我正在测试一个html文件我在我的PC上写了一台连接到另一台机器上的RESTFul Web服务。我得到 status = 0
。这是否被视为跨站点脚本?
Currently I am testing an html file I wrote on my PC connecting to a RESTFul web service on another machine. I am getting status=0
. Is this considered cross-site scripting?
如果服务器托管带有javascript的文件,并且该javascript文件具有 XMLHttpRequest
s到服务器自己的Web服务,是否有效,或者那么糟糕?
If a server hosts a file with javascript, and that javascript file has XMLHttpRequest
s to the server's own web services, will that work, or is that bad?
如果这些问题中的任何一个是愚蠢的,请道歉。
Apologies if any of these questions are stupid.
推荐答案
status = 0
我可以做各种各样的事情,而且不知道你怎么做到这一点一点,很难确定它究竟意味着什么。您可能正在使用iframe,另一台计算机可能真的告诉您状态为0 ...我们不知道。
status=0
can me a variety of things, and without knowing more about how you got to that point, it is very difficult to determine what, exactly, it means. You could be using an iframe, the other computer could genuinely be telling you that the status is 0... we don't know.
一般规则是JS 来自并不重要,它将执行加载的数据。这就是使Google js归档api成为可能的原因(你知道,使用 https://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.js
在各种各样的地方)。老实说,这不是一个安全问题。
The general rule is that it doesn't matter where the JS is from, it will execute the data where it's loaded. This is what makes the Google js archiving api possible (you know, use https://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.js
on a whole assortment of locations). And honestly, that is not a security issue.
当js文件试图访问另一个域(甚至是子域)时,安全问题就出现了,无论是通过操纵iframe或通过XMLHTTPRequest。正是在这一点上,浏览器将打下脚本。
The security issue comes in when a js file tries to access another domain (or even subdomain), whether through manipulation of an iframe or through XMLHTTPRequest. It's at that point that the browser will "lay the smackdown" on the script.
您将无法通过硬盘与JavaScript进行通信(文件:///)因此,任何互联网协议(http | https)。
You will have difficulty communicating with JavaScript from your hard drive (file:///) to any internet protocol (http|https) because of this.
这篇关于XMLHttpRequest跨站点脚本?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!