本文探讨了WebKit浏览器引擎的安全策略,特别是对于本地文件URL方案(file:)的处理方式。为了保障用户安全,非本地方案的网页不允许加载来自本地资源的内容,例如通过iframe尝试读取本地/etc/passwd文件。
WebKit considers certain URL schemes to be "local". One of these is file:. Pages with non-local schemes aren't allowed to load resources from local schemes for security reasons. (E.g., it would be bad if http://www.example.com/ could use <iframe src=file:///etc/passwd> to read your passwords!)
扫一扫
评论
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
查看更多评论
添加红包
