更新时间:2023-09-20 18:03:28
你可以还可以使用 iframe
并使用script / css URL作为框架的 src
(因此它根本不被评估/应用),尽管在这种情况下你想要确保JavaScript / CSS与Content-Type text / plain
一起提供,以避免在<
字符等情况下发生不幸事件。虽然你应该在这个方法上遇到SOP问题,但是在一个不错的浏览器上,如果 iframe
src
来自另一个来源。
You can also use an iframe
and use the script/css URL as the src
of the frame (so it isn't evaluated/applied at all), although you'd want to be sure in that case that the JavaScript/CSS was delivered with Content-Type text/plain
to avoid unfortunate things happening with <
characters and such. Although you should run into SOP issues with this approach as well, on a decent browser, if the iframe
src
is from a different origin.
除此之外,我认为你在很大程度上已经列出了你所列出的选项。
Other than that, I think you largely have it covered with the options you list.