我是编码新手,但有一个问题我有这个代码:
<script class="scriptId_300x160_331391" type="text/javascript">
var ci_cap_scriptId = "331391";
var ci_cap_bid = "1472100001";
var ci_cap_format = "300x160";
var ci_cap_channel = "";
</script>
<noscript><p>Coupons powered by <a href="https://www.coupons.com?
pid=13903&nid=10&zid=xh20&bid=1472100001">Coupons.com</a></p>
</noscript>
<script type="text/javascript" src="//bc.coupons.com"></script>
我试图弄清楚如何在 HTML iFrame 中正确显示它。我的网站是通过 Wix.com 托管的,他们只显示这种格式的代码,有关于添加/编辑内容以便显示的建议吗?我尝试使用 JSFiddle ( http://jsfiddle.net/9rzrt5yL/1/ ) 但它会显示在 HTML 中,但不会显示在 Javascript 中(这是我需要它才能工作的)
最佳答案
答案是你不能,因为 XSS attack
Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.
An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page. For more details on the different types of XSS flaws, see: Types of Cross-Site Scripting.
对于您的情况,我认为您应该查看 WIX 文档或请求 WIX 支持人员来帮助您。我认为他们会在某个地方有一些东西。
关于javascript - 如何将 HTML 代码小部件转换为 Javascript 格式,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/50033803/