Js sets document. domain for cross-domain attention analysis, jsdocument. domain

Js sets document. domain for cross-domain attention analysis, jsdocument. domain

This article analyzes the precautions for setting document. domain in js to implement cross-origin. Share it with you for your reference. The specific analysis is as follows:

Document. domain
Used to obtain the Domain Name of the current webpage.
For example, enter:
Copy codeThe Code is as follows: javascript: alert (document. domain); // www.jb51.net

We can also assign values to the document. domain attribute, but there are restrictions. You can only assign the current domain name or basic domain name.
For example:
Copy codeThe Code is as follows: javascript: alert (document. domain = "jb51.net"); // jb51.net
Javascript: alert (document. domain = "www.jb51.net"); // www.jb51.net

The assignment is successful because www.jb51.net is the current domain name and jb51.net is the basic domain name.

However, the following assignment produces an error "invalid parameter:
Copy codeThe Code is as follows: javascript: alert (document. domain = "cctv.net"); // The parameter is invalid.
Javascript: alert (document. domain = "www.jb51.net"); // The parameter is invalid.

Because cctv.net and www.jb51.net are neither the current domain name nor the basic domain name of the current domain name, an error may occur.
This is to prevent someone from maliciously modifying document. domain to steal data across domains.

Use document. domain to implement cross-origin:

Prerequisites: These two domain names must belong to the same basic domain name! The protocols and ports used must be the same; otherwise, the document. domain cannot be used for cross-origin.

For security considerations, Javascript prohibits two or more pages in different domains from performing operations on each other.
Pages in the same domain do not have any problems during mutual operations.

For example, in a webpage (a.html) of aaa.com, iframeis used to access a webpage (B .html) in bbb.com ).
At this time, you can see B .html content in a.html, but you cannot use javascript to operate on it. Because these two pages belong to different domains, before the operation, js will detect whether the two page domains are equal. If they are equal, they will be allowed to operate. If they are not equal, the operation will be rejected.
In this case, a.html and B .html cannot be changed to the same domain using JS. Because their basic domain names are not equal. (If you use JS to change them to an equal domain, the "parameter is invalid" error will be returned. ")

If another webpage in aaa.com is introduced in a.html, this problem will not occur because the domain is equal.

In another case, there are two subdomains:

Aaa.xxx.com
Bbb.xxx.com

A webpage (a.html) in AAA introduces a webpage (B .html) in bbb ),
At this time, a.html cannot operate the content in B .html.
Because the document. domain is different, one is aaa.xxx.com, and the other is bbb.xxx.com.

In this case, we can use Javascript to change the domain of the two pages to the same one,
Is added to both a.htmland B .html:
Copy codeThe Code is as follows: document. domain = "xxx.com ";

In this way, the two pages can operate on each other. That is, the "cross-domain" between the same basic domain name is implemented ".

I hope this article will help you design javascript programs.