Bypass WebView crossdomain security

2018-06-12 03:56:01

A Cocoa application with a WebView element that loads file:///index.html

A local resource file:///index.html that has an editable iframe with src="javascript:;"

The editable iframe contains another iframe with src="file:///resource.html"

It seems that WebView does not allow loading local resources (resource.html) inside documents that are not local (iframe with src="javascript:;").

This is the exact message from the Error Console of Safari for MacOSX:

Not allowed to load local resource: file:///resource.html

Do you know any way to bypass this security check? I can modify all the javascript and Cocoa code, but I preffer to modify only the Cocoa code.

Thanks guys!

Finally I downloaded the source code of WebKit, inserted a return true in the certain place to disable these security measures and compiled it.

It seems that it works.

链接地址: http://www.djcxy.com/p/34816.html