科技改变生活-雨落星辰 - 所有的伟大,都源于一个勇敢的开始

    最新消息:雨落星辰是一个专注网站SEO优化、网站SEO诊断、搜索引擎研究、网络营销推广、网站策划运营及站长类的自媒体原创博客
    你的位置: 首页>programmer>javascript - Is it possible to allow Cross Site Scripting (XSS) in Mobile safari? - Stack Overflow

    javascript - Is it possible to allow Cross Site Scripting (XSS) in Mobile safari? - Stack Overflow

    programmeradmin2浏览0评论

    I am building a hybrid app (HTML,CSS, JS + Native iOS code), and Would like to make calls to a web service, but this is being blocked currently by the XSS Security.

    What do I need to do to turn off this security feature (or more likely provide a whitelist that is allowed to connect?)

    Thanks for the help!

    I am building a hybrid app (HTML,CSS, JS + Native iOS code), and Would like to make calls to a web service, but this is being blocked currently by the XSS Security.

    What do I need to do to turn off this security feature (or more likely provide a whitelist that is allowed to connect?)

    Thanks for the help!

    • javascript
    • ios
    • xcode
    • xss
    • hybrid
    Share Improve this question asked Mar 15, 2012 at 13:33 NathanNathan 1,6474 gold badges25 silver badges46 bronze badges 4
    • 1 That isn't XSS. XSS is where you have a security hole which allows an attacker to add their JavaScript to your page so it runs when a visitor arrives on your site (usually via a link from the attacker). – Quentin Commented Mar 15, 2012 at 13:38
    • What kind of "web service" are you talking about? What exactly are you trying, and what exactly is the browser doing to thwart your efforts? "XSS" is an attack strategy, not a security feature. – Pointy Commented Mar 15, 2012 at 13:39
    • There is probably a way to expose an API written in Obj-C to your JavaScript (and your Obj-C code can make HTTP requests freely), but I'm not well versed in Apple's APIs. – Quentin Commented Mar 15, 2012 at 13:39
    • See How to call Objective-C from Javascript?. It isn't specific enough about your problem to count as a duplicate, but it should give you enough to tie into an Objective C method you write to make the HTTP requests. – Quentin Commented Mar 15, 2012 at 15:01
    Add a ment  | 

    2 Answers 2

    Reset to default 6

    Yes.

    You can use Cross Origin Resource Sharing, iff you're allowed to configure the server to support it, and it works on enough browsers for your needs.

    No.

    XSS cannot be disabled in any browser - otherwise hackers could easily steal all your money from your bank account. So this isn't a path that you can, should or want to take.

    Ask another question where you describe more clearly what you need to achieve and we can probably help.

    与本文相关的文章

    发布评论

    评论列表(0)

    1. 暂无评论
    ok 不同模板 switch ($forum['model']) { /*case '0': include _include(APP_PATH . 'view/htm/read.htm'); break;*/ default: include _include(theme_load('read', $fid)); break; } } break; case '10': // 主题外链 / thread external link http_location(htmlspecialchars_decode(trim($thread['description']))); break; case '11': // 单页 / single page $attachlist = array(); $imagelist = array(); $thread['filelist'] = array(); $threadlist = NULL; $thread['files'] > 0 and list($attachlist, $imagelist, $thread['filelist']) = well_attach_find_by_tid($tid); $data = data_read_cache($tid); empty($data) and message(-1, lang('data_malformation')); $tidlist = $forum['threads'] ? page_find_by_fid($fid, $page, $pagesize) : NULL; if ($tidlist) { $tidarr = arrlist_values($tidlist, 'tid'); $threadlist = well_thread_find($tidarr, $pagesize); // 按之前tidlist排序 $threadlist = array2_sort_key($threadlist, $tidlist, 'tid'); } $allowpost = forum_access_user($fid, $gid, 'allowpost'); $allowupdate = forum_access_mod($fid, $gid, 'allowupdate'); $allowdelete = forum_access_mod($fid, $gid, 'allowdelete'); $access = array('allowpost' => $allowpost, 'allowupdate' => $allowupdate, 'allowdelete' => $allowdelete); $header['title'] = $thread['subject']; $header['mobile_link'] = $thread['url']; $header['keywords'] = $thread['keyword'] ? $thread['keyword'] : $thread['subject']; $header['description'] = $thread['description'] ? $thread['description'] : $thread['brief']; $_SESSION['fid'] = $fid; if ($ajax) { empty($conf['api_on']) and message(0, lang('closed')); $apilist['header'] = $header; $apilist['extra'] = $extra; $apilist['access'] = $access; $apilist['thread'] = well_thread_safe_info($thread); $apilist['thread_data'] = $data; $apilist['forum'] = $forum; $apilist['imagelist'] = $imagelist; $apilist['filelist'] = $thread['filelist']; $apilist['threadlist'] = $threadlist; message(0, $apilist); } else { include _include(theme_load('single_page', $fid)); } break; default: message(-1, lang('data_malformation')); break; } ?>