I want to use js code in parent window to change the content of a cross-orign iframe. Such as:
document.getElementById('someiframe').contentWindow.XXX=true
Of course it should be blocked by browser.
Open Chrome with parameter "--disable-web-security" can solve the problem. I have used a chrome plugin called "cros-anywhere" which can fast switch whether CROS is enabled. I wonder if there are any plugins or other ways can fast switch all security policies on/off without restarting the browser.
I want to build some web pages that can access as many permissions as they can so that the scripts can work like a C/S application. Then I and those who know the risk of running such scripts can conveniently enter "unsafe mode" with one click to run that scripts. Is there any way to realize it?
Aucun commentaire:
Enregistrer un commentaire