MDN 中 关于 iframe 的 sandbox 功能有一段话触目惊心

  • 472

如果攻击者可以将潜在的恶意内容往⽤⼾的已沙箱化的 iframe 中显⽰,那么沙箱操作的安全性将不再可靠。推荐把这种内容放置到独⽴的专⽤域中,减⼩可能的损失。

<iframe> - MDN

这是什么意思?什么叫不可靠?这不就是 sandbox 存在的意义吗?

阅读 5.9k
1 个回答


Potentially hostile files should not be served from the same server as the file containing the iframe element. Sandboxing hostile content is of minimal help if an attacker can convince the user to just visit the hostile content directly, rather than in the iframe. To limit the damage that can be caused by hostile HTML content, it should be served from a separate dedicated domain. Using a different domain ensures that scripts in the files are unable to attack the site, even if the user is tricked into visiting those pages directly, without the protection of the sandbox attribute.

说的是同域的问题,在 iframe 里攻击者就可以伪装原来的网页倒过来引导用户去操作。

  • 和开发者交流问题的细节
  • 关注并接收问题和回答的更新提醒
  • 参与内容的编辑和改进,让解决方法与时俱进