87,923
社区成员
发帖
与我相关
我的任务
分享框架间的javascript调用--“拒绝访问”!!!!
我有两台tomcat服务器,其中服务器A里的index页面的frame里嵌入了服务器A的pageA页面和服务器B的pageB页面,但我想在pageA的页面调用pageB的一个javascript函数functionB时就弹出脚本错误:“拒绝访问”......
---------------------------------------------------
| |
| |
| pageA |
| (tomcat server A ) |
| |
---------------------------------------------------
| |
| pageB |
| (tomcat server B ) |
| |
---------------------------------------------------
请教一下有什么办法解决呢
---------------------------------------------------
| |
| |
| pageA |
| (tomcat server A ) |
| |
---------------------------------------------------
| |
| pageB |
| (tomcat server B ) |
| |
---------------------------------------------------
请教一下有什么办法解决呢
...全文
请发表友善的回复…
发表回复
风中的火柴 2012-10-18
- 打赏
- 举报
学习了啊
JK_10000 2007-09-06
- 打赏
- 举报
同楼上
<script src="http://www.google.com/a.js"></script>
也可以引用异域js文件。
<script src="http://www.google.com/a.js"></script>
也可以引用异域js文件。
cgisir 2007-09-06
- 打赏
- 举报
我用的PHP
可以把js写到 include里面试试
可以把js写到 include里面试试
JK_10000 2007-09-06
- 打赏
- 举报
"但这种方法也存在一个问题,就是javascript返回值的问题了,一旦有返回值,那么该怎么获取呢?"
-------
看JK的回复,两个回复能实现一个互调的机制:
"上面的是跨域调用iframe的
下面的是跨域调用top的"
-------
看JK的回复,两个回复能实现一个互调的机制:
"上面的是跨域调用iframe的
下面的是跨域调用top的"
ppKIDpp 2007-09-06
- 打赏
- 举报
"测试了一下,还是拒绝访问。。主要是这句window.open("javascript:testFun();","frameB")"
-----
B.htm与B1.htm在同一个域
C.htm在另一个域
window.open("javascript:testFun();","frameB")是B1.htm调B.htm的,
在IE下不会有跨域的问题.
-----以上结论,仅在IE6下验证过,IE7下没有去验证
=========================================================================
我也是在我的机器IE6下验证的。。没有成功,但类似的方式我在其他机器上(IE 7)试过可以通过,大致思路和你说的一样,就是通过从C post 一个form 到框架B1,让B1初始化时调用B的javascript函数。
但这种方法也存在一个问题,就是javascript返回值的问题了,一旦有返回值,那么该怎么获取呢?
问题越来越清晰了,谢谢楼上各位的指导
-----
B.htm与B1.htm在同一个域
C.htm在另一个域
window.open("javascript:testFun();","frameB")是B1.htm调B.htm的,
在IE下不会有跨域的问题.
-----以上结论,仅在IE6下验证过,IE7下没有去验证
=========================================================================
我也是在我的机器IE6下验证的。。没有成功,但类似的方式我在其他机器上(IE 7)试过可以通过,大致思路和你说的一样,就是通过从C post 一个form 到框架B1,让B1初始化时调用B的javascript函数。
但这种方法也存在一个问题,就是javascript返回值的问题了,一旦有返回值,那么该怎么获取呢?
问题越来越清晰了,谢谢楼上各位的指导
JK_10000 2007-09-06
- 打赏
- 举报
"测试了一下,还是拒绝访问。。主要是这句window.open("javascript:testFun();","frameB")"
-----
B.htm与B1.htm在同一个域
C.htm在另一个域
window.open("javascript:testFun();","frameB")是B1.htm调B.htm的,
在IE下不会有跨域的问题.
-----以上结论,仅在IE6下验证过,IE7下没有去验证
-----
B.htm与B1.htm在同一个域
C.htm在另一个域
window.open("javascript:testFun();","frameB")是B1.htm调B.htm的,
在IE下不会有跨域的问题.
-----以上结论,仅在IE6下验证过,IE7下没有去验证
ppKIDpp 2007-09-06
- 打赏
- 举报
ok,结帖,学到了不少东西。
JK_10000 2007-09-06
- 打赏
- 举报
ppKIDpp(小新):知道就好,还怕你是一时糊涂,让我瞎回了那么多代码呢
ppKIDpp 2007-09-06
- 打赏
- 举报
JK_10000(JK) ( ) 信誉:121 2007-09-06 11:43:46 得分: 0
同楼上
<script src="http://www.google.com/a.js"></script>
也可以引用异域js文件
===================================================================
引用异域js文件,可以执行,但这样的话也是在本域页面上执行这个JS的函数,并非真的执行异域页面上的js,所以,这个js的函数依旧不能访问异域页面的对象,
孟子E章 2007-09-05
- 打赏
- 举报
不能跨域
ppKIDpp 2007-09-05
- 打赏
- 举报
貌似document.domain是只读的,改了没有反应?
cgisir 2007-09-05
- 打赏
- 举报
都在一个域里 试下
<script type="text/javascript">
document.domain=*** //域名比如 gov.cn
</script>
<script type="text/javascript">
document.domain=*** //域名比如 gov.cn
</script>
ppKIDpp 2007-09-05
- 打赏
- 举报
我在网上找到了这样一篇文章,大家帮忙看看 http://johnvey.com/features/deliciousdirector/web-service-broker.html
-------------------------------------------------------------------------------------
del.icio.us direc.tor: Creating A Client-Side Web Service Broker
June 20, 2005
Initially, I had planned on using the XmlHTTPRequest object to create a client-side application that integrated various web services like Google suggest, del.icio.us, Flickr, Yahoo developer network, etc. Unfortunately, the browser security restrictions severely limit the capabilities of a client-side application, essentially eliminating any cross-domain integration services. However, single-domain services can still be implemented by using the Javascript bootloading technique.
Same-Origin Policy
The most frustrating part of creating any client-side application is the security model that applies to just about all executable objects that can be accessed by the browser. Designed the prevent cross-site scripting attacks (XSS), the same-origin policy effectively prohibits a page served from www.mydomain.org to access any document served from a different domain, via XmlHTTPRequest, IFRAME's, or similar DOM methods. Therefore, a page with a URL of http://www.mydomain.org:80/ cannot access another page that does not share the same protocol, domain, and port.
One exception to this rule is when the document.domain property is set. This exception stipulates that in an FRAME/IFRAME situation, documents served from different subdomains of the same base domain may access each other's DOM tree if both pages set their respective document.domain property to the base domain. For example, if a page blue.domainA.org/master.html contains an IFRAME of the page red.domainA.org/slave.html, then by default the two pages will not be allowed to access each other's DOM tree. However, if both pages contain an explicit Javascript command, document.domain = "domainA.org";, then access to the DOMs will be granted. What is somewhat confusing is that all pages have a valid document.domain property that is set, but is considered null by the security model until it is set explicitly. Unfortunately, XmlHTTPRequest objects are not affected by the document.domain property. XmlHTTPRequest will only fetch documents from the originating server. In fact, you have to specify a relative URL, since it completely ignores any URL's with a fully-qualified domain name.
None of these security policies apply when executing a web page served from localhost. You can use IFRAME's and XmlHTTPRequest objects to access any valid URL to your heart's content.
Using the Javascript Bootloader
You can execute arbitrary Javascript code in the security context of any web page by simply typing a javascript command into the browser's address bar:
javascript:void(document.body.style.backgroundColor='#c00')That command can also be bookmarked by either editing a bookmark property directly or using the drag-and-drop method, thus creating a Javascript bookmarklet. As anyone who has had the displeasure of implementing third-party banner ads knows, a web page may contain a <script> reference to any valid URL, i.e. <script src="http://shoddy.advertiser.net"></script>. The Javascript bootloader uses this capability to inject foreign code — not by writing out a <script> string, but by way of DOM node creation:
// Create a new script node
var element = document.createElement('script');
// set the 'src' attribute of the element
element.setAttribute('src', 'http://johnvey.com/features/deliciousdirector/dboot.js');
// insert the new node into the current document
document.body.appendChild(element);Once the new script node is inserted, the browser will automatically process the attached code. The complete javascript bookmarklet is as follows:
javascript:void((function() {var%20element=document.createElement('script'); element.setAttribute('src', 'http://johnvey.com/features/deliciousdirector/dboot.js'); document.body.appendChild(element)})())
This method eliminates the need to include large blocks of Javascript code inside a bookmark (compare with the Javascript shell), and allows central control of the core Javascript code.
Resetting the Page
Once the foreign code is loaded, you may want to clear the content from the page in order to start from a clean slate:
// clear the body content
document.body.innerHTML = "";
// remove all the existing stylesheets
for(i=0; (a = document.getElementsByTagName("link")[i]); i++) {
if(a.getAttribute("rel").indexOf("style") != -1) {
a.disabled = true;
}
}
// fill in new body content
document.body.innerHTML = "Hello, World!";
// create a new stylesheet link
var ns = document.createElement("link");
ns.rel = "stylesheet";
ns.type = "text/css";
ns.href = "http://johnvey.com/features/deliciousdirector/d.css";
document.body.appendChild(ns);
// create a new script node for the main program logic
var js = document.createElement("script");
js.language = "javascript";
js.src = "http://johnvey.com/features/deliciousdirector/d.js";
document.body.appendChild(js);
// update the page title
document.title += " (Direc.tor)";
-------------------------------------------------------------------------------------
del.icio.us direc.tor: Creating A Client-Side Web Service Broker
June 20, 2005
Initially, I had planned on using the XmlHTTPRequest object to create a client-side application that integrated various web services like Google suggest, del.icio.us, Flickr, Yahoo developer network, etc. Unfortunately, the browser security restrictions severely limit the capabilities of a client-side application, essentially eliminating any cross-domain integration services. However, single-domain services can still be implemented by using the Javascript bootloading technique.
Same-Origin Policy
The most frustrating part of creating any client-side application is the security model that applies to just about all executable objects that can be accessed by the browser. Designed the prevent cross-site scripting attacks (XSS), the same-origin policy effectively prohibits a page served from www.mydomain.org to access any document served from a different domain, via XmlHTTPRequest, IFRAME's, or similar DOM methods. Therefore, a page with a URL of http://www.mydomain.org:80/ cannot access another page that does not share the same protocol, domain, and port.
One exception to this rule is when the document.domain property is set. This exception stipulates that in an FRAME/IFRAME situation, documents served from different subdomains of the same base domain may access each other's DOM tree if both pages set their respective document.domain property to the base domain. For example, if a page blue.domainA.org/master.html contains an IFRAME of the page red.domainA.org/slave.html, then by default the two pages will not be allowed to access each other's DOM tree. However, if both pages contain an explicit Javascript command, document.domain = "domainA.org";, then access to the DOMs will be granted. What is somewhat confusing is that all pages have a valid document.domain property that is set, but is considered null by the security model until it is set explicitly. Unfortunately, XmlHTTPRequest objects are not affected by the document.domain property. XmlHTTPRequest will only fetch documents from the originating server. In fact, you have to specify a relative URL, since it completely ignores any URL's with a fully-qualified domain name.
None of these security policies apply when executing a web page served from localhost. You can use IFRAME's and XmlHTTPRequest objects to access any valid URL to your heart's content.
Using the Javascript Bootloader
You can execute arbitrary Javascript code in the security context of any web page by simply typing a javascript command into the browser's address bar:
javascript:void(document.body.style.backgroundColor='#c00')That command can also be bookmarked by either editing a bookmark property directly or using the drag-and-drop method, thus creating a Javascript bookmarklet. As anyone who has had the displeasure of implementing third-party banner ads knows, a web page may contain a <script> reference to any valid URL, i.e. <script src="http://shoddy.advertiser.net"></script>. The Javascript bootloader uses this capability to inject foreign code — not by writing out a <script> string, but by way of DOM node creation:
// Create a new script node
var element = document.createElement('script');
// set the 'src' attribute of the element
element.setAttribute('src', 'http://johnvey.com/features/deliciousdirector/dboot.js');
// insert the new node into the current document
document.body.appendChild(element);Once the new script node is inserted, the browser will automatically process the attached code. The complete javascript bookmarklet is as follows:
javascript:void((function() {var%20element=document.createElement('script'); element.setAttribute('src', 'http://johnvey.com/features/deliciousdirector/dboot.js'); document.body.appendChild(element)})())
This method eliminates the need to include large blocks of Javascript code inside a bookmark (compare with the Javascript shell), and allows central control of the core Javascript code.
Resetting the Page
Once the foreign code is loaded, you may want to clear the content from the page in order to start from a clean slate:
// clear the body content
document.body.innerHTML = "";
// remove all the existing stylesheets
for(i=0; (a = document.getElementsByTagName("link")[i]); i++) {
if(a.getAttribute("rel").indexOf("style") != -1) {
a.disabled = true;
}
}
// fill in new body content
document.body.innerHTML = "Hello, World!";
// create a new stylesheet link
var ns = document.createElement("link");
ns.rel = "stylesheet";
ns.type = "text/css";
ns.href = "http://johnvey.com/features/deliciousdirector/d.css";
document.body.appendChild(ns);
// create a new script node for the main program logic
var js = document.createElement("script");
js.language = "javascript";
js.src = "http://johnvey.com/features/deliciousdirector/d.js";
document.body.appendChild(js);
// update the page title
document.title += " (Direc.tor)";
ppKIDpp 2007-09-05
- 打赏
- 举报
跨域调用:
http://community.csdn.net/Expert/topic/5533/5533363.xml?temp=.3585626
主题:...跨域调用(改变非同一网站上网页输入框的值) (跨域访问Iframe)
回复:JK_10000(JK) 2007-05-17 10:33:39
如下,C.htm,B.htm/B1.htm在异域:
C.htm:
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>跨域调用iframe</title>
</head>
<body>
<input type=button value="直接跨域调用(会失败)" onclick="frames['frameB'].testFun();" >
<input type=button value="间接跨域调用" onclick="window.open('http://jk:8080/xpc/B1.htm','frameA')" >
<hr>
<iframe name=frameA src="about:blank" style="display:none;"/>
<iframe name=frameB src="http://jk:8080/xpc/B.htm"/>
</body>
</html>
----------------------
B.htm:
<HTML>
<HEAD>
<TITLE>跨域调用iframe</TITLE>
</HEAD>
<BODY>
</BODY>
</HTML>
<script>
function testFun()
{
alert(location.href);
}
</script>
------------------------
B1.htm:
<HTML>
<HEAD>
<TITLE>过渡页面</TITLE>
<SCRIPT LANGUAGE="JavaScript" >
window.open("javascript:testFun();","frameB")
</SCRIPT>
</HEAD>
<BODY>
<input type=button value="调用frameB里的testFun();" onclick='window.open("javascript:testFun();","frameB")' >
</BODY>
</HTML>
---------------------------------------
---------------------------------------
测试了一下,还是拒绝访问。。
主要是这句window.open("javascript:testFun();","frameB")
http://community.csdn.net/Expert/topic/5533/5533363.xml?temp=.3585626
主题:...跨域调用(改变非同一网站上网页输入框的值) (跨域访问Iframe)
回复:JK_10000(JK) 2007-05-17 10:33:39
如下,C.htm,B.htm/B1.htm在异域:
C.htm:
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>跨域调用iframe</title>
</head>
<body>
<input type=button value="直接跨域调用(会失败)" onclick="frames['frameB'].testFun();" >
<input type=button value="间接跨域调用" onclick="window.open('http://jk:8080/xpc/B1.htm','frameA')" >
<hr>
<iframe name=frameA src="about:blank" style="display:none;"/>
<iframe name=frameB src="http://jk:8080/xpc/B.htm"/>
</body>
</html>
----------------------
B.htm:
<HTML>
<HEAD>
<TITLE>跨域调用iframe</TITLE>
</HEAD>
<BODY>
</BODY>
</HTML>
<script>
function testFun()
{
alert(location.href);
}
</script>
------------------------
B1.htm:
<HTML>
<HEAD>
<TITLE>过渡页面</TITLE>
<SCRIPT LANGUAGE="JavaScript" >
window.open("javascript:testFun();","frameB")
</SCRIPT>
</HEAD>
<BODY>
<input type=button value="调用frameB里的testFun();" onclick='window.open("javascript:testFun();","frameB")' >
</BODY>
</HTML>
---------------------------------------
---------------------------------------
测试了一下,还是拒绝访问。。
主要是这句window.open("javascript:testFun();","frameB")
ppKIDpp 2007-09-05
- 打赏
- 举报
研究一下 ,等出结果再告诉大家
JK_10000 2007-09-05
- 打赏
- 举报
上面的是跨域调用iframe的
下面的是跨域调用top的
http://community.csdn.net/Expert/topic/5505/5505506.xml?temp=.2110559
主题:谁能搞定跨域访问中的这个问题?
回复:JK_10000(JK) 2007-05-14 10:22:38
如下,C.htm/C1.htm位于c盘,B.htm在异域:
C.htm:
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>Hello</title>
<script>
function testFun()
{
alert('hello JK ');
}
</script>
</head>
<body>
<iframe name=frameA src="about:blank" />
<iframe name=frameB src="http://jk:8080/xpc/B.htm"/>
</body>
</html>
------------------------
C1.htm:
<HTML>
<HEAD>
<TITLE>过渡页面</TITLE>
<SCRIPT LANGUAGE="JavaScript" >
top.testFun();
</SCRIPT>
</HEAD>
<BODY>
<input type=button value="test" onclick="top.testFun();" >
</BODY>
</HTML>
----------------------
B.htm:
<HTML>
<HEAD>
<TITLE>跨域调用Top</TITLE>
</HEAD>
<BODY>
<input type=button value="直接跨域调用(会失败)" onclick="top.testFun();" >
<input type=button value="间接跨域调用" onclick="window.open('C:\\C1.htm','frameA')" >
</BODY>
</HTML>
下面的是跨域调用top的
http://community.csdn.net/Expert/topic/5505/5505506.xml?temp=.2110559
主题:谁能搞定跨域访问中的这个问题?
回复:JK_10000(JK) 2007-05-14 10:22:38
如下,C.htm/C1.htm位于c盘,B.htm在异域:
C.htm:
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>Hello</title>
<script>
function testFun()
{
alert('hello JK ');
}
</script>
</head>
<body>
<iframe name=frameA src="about:blank" />
<iframe name=frameB src="http://jk:8080/xpc/B.htm"/>
</body>
</html>
------------------------
C1.htm:
<HTML>
<HEAD>
<TITLE>过渡页面</TITLE>
<SCRIPT LANGUAGE="JavaScript" >
top.testFun();
</SCRIPT>
</HEAD>
<BODY>
<input type=button value="test" onclick="top.testFun();" >
</BODY>
</HTML>
----------------------
B.htm:
<HTML>
<HEAD>
<TITLE>跨域调用Top</TITLE>
</HEAD>
<BODY>
<input type=button value="直接跨域调用(会失败)" onclick="top.testFun();" >
<input type=button value="间接跨域调用" onclick="window.open('C:\\C1.htm','frameA')" >
</BODY>
</HTML>
JK_10000 2007-09-05
- 打赏
- 举报
跨域调用:
http://community.csdn.net/Expert/topic/5533/5533363.xml?temp=.3585626
主题:...跨域调用(改变非同一网站上网页输入框的值) (跨域访问Iframe)
回复:JK_10000(JK) 2007-05-17 10:33:39
如下,C.htm,B.htm/B1.htm在异域:
C.htm:
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>跨域调用iframe</title>
</head>
<body>
<input type=button value="直接跨域调用(会失败)" onclick="frames['frameB'].testFun();" >
<input type=button value="间接跨域调用" onclick="window.open('http://jk:8080/xpc/B1.htm','frameA')" >
<hr>
<iframe name=frameA src="about:blank" style="display:none;"/>
<iframe name=frameB src="http://jk:8080/xpc/B.htm"/>
</body>
</html>
----------------------
B.htm:
<HTML>
<HEAD>
<TITLE>跨域调用iframe</TITLE>
</HEAD>
<BODY>
</BODY>
</HTML>
<script>
function testFun()
{
alert(location.href);
}
</script>
------------------------
B1.htm:
<HTML>
<HEAD>
<TITLE>过渡页面</TITLE>
<SCRIPT LANGUAGE="JavaScript" >
window.open("javascript:testFun();","frameB")
</SCRIPT>
</HEAD>
<BODY>
<input type=button value="调用frameB里的testFun();" onclick='window.open("javascript:testFun();","frameB")' >
</BODY>
</HTML>
http://community.csdn.net/Expert/topic/5533/5533363.xml?temp=.3585626
主题:...跨域调用(改变非同一网站上网页输入框的值) (跨域访问Iframe)
回复:JK_10000(JK) 2007-05-17 10:33:39
如下,C.htm,B.htm/B1.htm在异域:
C.htm:
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>跨域调用iframe</title>
</head>
<body>
<input type=button value="直接跨域调用(会失败)" onclick="frames['frameB'].testFun();" >
<input type=button value="间接跨域调用" onclick="window.open('http://jk:8080/xpc/B1.htm','frameA')" >
<hr>
<iframe name=frameA src="about:blank" style="display:none;"/>
<iframe name=frameB src="http://jk:8080/xpc/B.htm"/>
</body>
</html>
----------------------
B.htm:
<HTML>
<HEAD>
<TITLE>跨域调用iframe</TITLE>
</HEAD>
<BODY>
</BODY>
</HTML>
<script>
function testFun()
{
alert(location.href);
}
</script>
------------------------
B1.htm:
<HTML>
<HEAD>
<TITLE>过渡页面</TITLE>
<SCRIPT LANGUAGE="JavaScript" >
window.open("javascript:testFun();","frameB")
</SCRIPT>
</HEAD>
<BODY>
<input type=button value="调用frameB里的testFun();" onclick='window.open("javascript:testFun();","frameB")' >
</BODY>
</HTML>
ChaoticLife 2007-09-05
- 打赏
- 举报
由于安全的原因,主域名的不相同的是js是不能相互访问的,比如说aaa.com的页面的js不能访问和bbb.com域名下页面的js,这种主域名不一样的情况只能只能通过服务端的程序来解决
Code従業員 2007-09-05
- 打赏
- 举报
跨域?没有试过.
ppKIDpp 2007-09-05
- 打赏
- 举报
谢谢cgisir和net_lover有点明白了,我google了一下,cgisir似乎可行,但域名这玩意不是我能控制的,万一我的两台服务器一台域名叫www.aaa.com,一台叫www.bbb.com,那怎么改都不在同一个域下面,那该怎么办?
