开发者

Secure isolated iFrame? Alternative?

开发者 https://www.devze.com 2023-01-10 18:40 出处:网络
开发者_JAVA技巧I am running into a problem. I want to host an external page securely. Meaning, no JavaScript in the iFrame. Or it only execute safe code, such as change the text of its page or set the

开发者_JAVA技巧I am running into a problem. I want to host an external page securely. Meaning, no JavaScript in the iFrame. Or it only execute safe code, such as change the text of its page or set the color of its page. And I want to keep CSS alive.

They should look the same from the source, but, no melacious code running behind. No ActiveX, no Flash, no Plug-in. I want them look correct without all the security compromise.

I have tried jQuery load(), but, it only works for internal pages, not external pages. And the CSS in that DIV overwrite my site's CSS, which is not what I wanted.

I am looking for an isolated frame like iframe. But, without security problem. Is this possible?


HTML5 now has a 'sandbox' option for iframes.
This will allow you to block code inside the iframe.

You can learn more at: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe


You can create a server side stateful proxy, like a php script that read the remote page and clean whatever you don't like. Not a really simple thing to do, but I'm afraid there is no really easy way around.

I mean, for instance, you create proxy.php:

<?php
  $remote = file($_GET['remote']);
  // .. filter whatever you like in $remote then print it

And then link to a site using

<iframe src="proxy.php?remote=http://www.example.com"></iframe>

This is not a complete example, just a way of showing my idea.

0

精彩评论

暂无评论...
验证码 换一张
取 消

关注公众号