Bypass WebView crossdomain security

Scenary

  • A Cocoa application with a WebView element that loads file:///index.html
  • A local resource file:///index.html that has an editable iframe with src="javascript:;"
  • The editable iframe contains another iframe with src="file:///resource.html"
  • Problem

    It seems that WebView does not allow loading local resources (resource.html) inside documents that are not local (iframe with src="javascript:;").

    This is the exact message from the Error Console of Safari for MacOSX:

    Not allowed to load local resource: file:///resource.html
    

    Question

    Do you know any way to bypass this security check? I can modify all the javascript and Cocoa code, but I preffer to modify only the Cocoa code.

    Thanks guys!


    Finally I downloaded the source code of WebKit, inserted a return true in the certain place to disable these security measures and compiled it.

    It seems that it works.

    链接地址: http://www.djcxy.com/p/34816.html

    上一篇: 检查员在哪里可以看到由chrome加载的字体文件?

    下一篇: 绕过WebView跨域安全性