Pages across different domains (origin check)


Pages that contain two or more frames sometimes cannot reference each other. There are three reasons for this.
Pages cannot reference each other when their 1. domain, 2. protocol, or 3. port differ.


These are the results when the URLs below are referenced from http://company.com/dir/page.html.

URL                                          Result        Reason
http://company.com/dir2/other.html           Allowed
http://company.com/dir/inner/another.html    Allowed
http://www.company.com/dir/other.html        Not allowed   Different domain
file://D|/myPage.htm                         Not allowed   Different protocol
http://company.com:80/dir/etc.html           Not allowed   Different port

Among the cases above, there is one exception that can be made referenceable: the domain.
If http://www.company.com/dir/other.html sets document.domain = "company.com";, the pages can reference each other. After this statement runs, the page http://company.com/dir/page.html can be referenced.


Properties that can be used when reference is allowed

Object      Properties
Images      src, lowsrc
Layer       src
Location    all except x and y
Window      find
Document    For both read and write: anchors, applets, cookie, domain, elements, embeds, forms, lastModified, length, links, referrer, title, URL, formName (for each named form), reflectedJavaClass (for each Java class reflected into JavaScript using LiveConnect)
            For write only: all other properties


Origin check changes between NN3 and NN4 (the check occurs when pages whose domain, protocol, or port differ reference each other)
1. form

In NN4, named forms are subject to the origin check. To avoid this, store the form name in a global variable so that it becomes a property of the window object; from then on that variable is the assigned form. Use this variable to reference the form.

2. file:URL

In NN3, <script SRC="..."> could use any protocol (file:, http:), but NN4 introduces one new restriction. When a file is opened through the ... of <script SRC="..."> with a protocol other than file:, the opened file cannot use <script SRC="file:...">. To use file: in that case, one line must be added to the prefs.js file in the Netscape user folder, as shown below.

user_pref("javascript.allow.file_src_from_non_file", true);

Use this setting with care. It can cause security problems.

3. Layer

For layers, the origin check occurs on layers from different origins.
When a page has one or more layers, the origin check is performed before a layer is used across pages.

4. When the origin check occurs for Java applets

It occurs when an applet that has the MAYSCRIPT attribute, which allows the applet to use JavaScript, calls JavaScript. Here the applet's origin is the URL of the page that contains the applet tag.



I have not been able to verify the origin check described on this page.
It is a translation of Netscape's explanation.

It may differ in IE.



--
In IE4, two pages in frames cannot reference each other when their hosts differ, even if they are in the same domain. To reference a page in a different zone (regional domain) in IE4, both pages must contain
<script>
	document.domain = "mySite.com"
</script>
to specify the same domain; then a page on the other host can be referenced. The setting above must be made in both pages, the one on host1.mySite.com and the one on host2.mySite.com. This is cross-frame security that did not exist in IE 3.x and was added in IE4.
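
The comparison in the table and the two document.domain cases described above (NN4 and IE4), modelled as an added example that is not Netscape's or Microsoft's code. Page, parseOrigin, canReference and checkTable are hypothetical names, and the port is compared exactly as written in the URL, as the table does.

```javascript
// Added example: a simplified model of the origin check described on this page.
// Page, parseOrigin, canReference and checkTable are hypothetical names.
function parseOrigin(url) {
  // scheme://host[:port]; the port is kept exactly as written ("" when absent).
  const m = /^([a-z][a-z0-9+.-]*):\/\/([^\/:]*)(?::(\d+))?/i.exec(url);
  if (!m) throw new Error("unparseable URL: " + url);
  return { protocol: m[1].toLowerCase(), host: m[2].toLowerCase(), port: m[3] || "" };
}

class Page {
  constructor(url) {
    Object.assign(this, parseOrigin(url));
    this.domain = this.host; // effective domain until document.domain is assigned
  }
  setDomain(value) {
    value = value.toLowerCase();
    // Only the page's own host or a parent domain of it may be assigned
    // (a real browser also refuses public suffixes such as "com"; omitted here).
    if (this.host !== value && !this.host.endsWith("." + value)) {
      throw new Error(`"${value}" is not a parent domain of ${this.host}`);
    }
    this.domain = value;
  }
}

function canReference(a, b) {
  if (a.protocol !== b.protocol) return "different protocol";
  if (a.domain !== b.domain) return "different domain";
  if (a.port !== b.port) return "different port";
  return "ok";
}

// The page's table, checked from http://company.com/dir/page.html.
function checkTable() {
  const base = new Page("http://company.com/dir/page.html");
  return [
    "http://company.com/dir2/other.html",
    "http://company.com/dir/inner/another.html",
    "http://www.company.com/dir/other.html",
    "file://D|/myPage.htm",
    "http://company.com:80/dir/etc.html",
  ].map((u) => canReference(base, new Page(u)));
}

console.log(checkTable());
```

Because the comparison falls back to the shared parent domain, every host under that domain that makes the same assignment passes the check, so the setting widens access beyond the two pages involved.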

