一段有关JavaScript的翻译

          产生许多浏览器窗口和改变当前的窗口是JavaScript非常常见的用途。这些用途非常令人厌烦而且还不安全,因为你永远无法确定你网页的访客是否能够处理调整了的窗口或者当有新的窗口时会被她的用户代理通知到。想象一下倾听你的网站的屏幕阅读用户或文本浏览器用户。窗口过去常被用作没有请求的广告(弹出广告)以及在隐藏的窗口中执行代码以获取数据(网络钓鱼),这就是为什么浏览器制造商和第三方软件供应商提供了许多软件和浏览器设置来阻止这些滥用的行为。Mozilla firefox用户可以选择他们是否想要弹出窗口以及使用JavaScript可以改变什么窗口属性。如图6-11所示。

      其它的一些浏览器如MSIE 7或Opera 8不允许隐藏新窗口的地址栏且可以强制改变新窗口的大小和位置限制。

注解:这是不同的浏览器制造商为了阻止安全攻击而达成的协议中的一点。打开一个不带明显地址栏的新窗口会允许恶意攻击者在第三方网站上通过跨站点脚本(Cross-Site Scripting,简写为XSS)打开一个弹出窗口,使这个窗口看上去属于这个第三方站点并要求用户输入信息。在网站Wikipedia: http://en.wikipedia.org/wiki/XSS上可以找到更多有关XSS的资料  
原文:
Windows and JavaScript
Spawning new browser windows and altering the current window are very common uses for
JavaScript. These are also very annoying and unsafe, as you can never be sure if the visitor of
your web page can deal with resized windows or will be notified by her user agent when there
is a new window. Think of screen reader users listening to your site or text browser users.
Windows have been used for unsolicited advertising (pop-up windows) and executing
code in hidden windows for data retrieval purposes (phishing) in the past, which is why
browser vendors and third-party software providers have come up with a lot of software
and browser settings to stop this kind of abuse. Mozilla Firefox users can choose whether
they want pop-up windows and what properties of the window can be changed by JavaScript
as shown in Figure 6-11.
Figure 6-11. The advanced JavaScript settings in Mozilla Firefox
Other browsers like MSIE 7 or Opera 8 disallow hiding the location bar in new windows
and can impose size and position constraints on new windows.
 
posted @ 2007-02-15 13:38  爱生活,爱编程  阅读(190)  评论(0编辑  收藏  举报