Detailed explanation of mutual communication between main and iframe in php-PHP Tutorial-php.cn

Home

Backend Development

PHP Tutorial

Detailed explanation of mutual communication between main and iframe in php

黄舟

Sep 15, 2017 am 09:19 AM

iframemainphp

这篇文章主要介绍了php main 与 iframe 相互通讯类(js+php同域/跨域),需要的朋友可以参考下

main 与 iframe 相互通讯类

今天把main与iframe相互通讯的方法封装成类，主要有两个文件，

JS：FrameMessage.js 实现调用方法的接口，如跨域则创建临时iframe，调用同域执行者。
PHP：FrameMessage.class.php 实现接收到跨域请求时，根据参数返回执行方法的JS code。

功能如下：

1.支持同域与跨域通讯
2.传递的方法参数支持字符串，JSON，数组等。

复制代码代码如下:

FrameMessage.exec(&#39;http://127.0.0.1/execB.php&#39;, &#39;myframe&#39;, &#39;fIframe&#39;, [&#39;fdipzone&#39;, &#39;{"gender":"male","age":"29"}&#39;, &#39;["http://blog.csdn.net/fdipzone", "http://weibo.com/fdipzone"]&#39;]);

代码如下:

FrameMessage.exec(&#39;http://localhost/execA.php&#39;, &#39;&#39;, &#39;fMain&#39;, [&#39;programmer&#39;, &#39;{"first":"PHP","second":"javascript"}&#39;, &#39;["EEG","NMG"]&#39;]);

因部分浏览器不支持JSON.stringify 与JSON.parse 方法（如IE6/7），为了兼容，需要包含json2.js，下载地址：

https://github.com/douglascrockford/JSON-js

FrameMessage.js

/** Main 与 Iframe 相互通讯类 支持同域与跨域通讯
*	Date:  2013-12-29
*  Author: fdipzone
*  Ver:  1.0
*/
var FrameMessage = (function(){

  this.oFrameMessageExec = null; // 临时iframe

  /* 执行方法
  executor 执行的页面,为空则为同域
  frame  要调用的方法的框架名称,为空则为parent
  func   要调用的方法名
  args   要调用的方法的参数,必须为数组[arg1, arg2, arg3, argn...],方便apply调用
       元素为字符串格式,请不要使用html,考虑注入安全的问题会过滤
  */
  this.exec = function(executor, frame, func, args){

    this.executor = typeof(executor)!=&#39;undefined&#39;? executor : &#39;&#39;;
    this.frame = typeof(frame)!=&#39;undefined&#39;? frame : &#39;&#39;;
    this.func = typeof(func)!=&#39;undefined&#39;? func : &#39;&#39;;
    this.args = typeof(args)!=&#39;undefined&#39;? (__fIsArray(args)? args : []) : []; // 必须是数组

    if(executor==&#39;&#39;){
      __fSameDomainExec(); // same domain
    }else{
      __fCrossDomainExec(); // cross domain
    }

  }

  /* 同域执行 */
  function __fSameDomainExec(){
    if(this.frame==&#39;&#39;){ // parent
      parent.window[this.func].apply(this, this.args);
    }else{
      window.frames[this.frame][this.func].apply(this, this.args);
    }
  }

  /* 跨域执行 */
  function __fCrossDomainExec(){
    if(this.oFrameMessageExec == null){
      this.oFrameMessageExec = document.createElement(&#39;iframe&#39;);
      this.oFrameMessageExec.name = &#39;FrameMessage_tmp_frame&#39;;
      this.oFrameMessageExec.src = __fGetSrc();
      this.oFrameMessageExec.style.display = &#39;none&#39;;
      document.body.appendChild(this.oFrameMessageExec);
    }else{
      this.oFrameMessageExec.src = __fGetSrc();
    }
  }

  /* 获取执行的url */
  function __fGetSrc(){
    return this.executor + (this.executor.indexOf(&#39;?&#39;)==-1? &#39;?&#39; : &#39;&&#39;) + &#39;frame=&#39; + this.frame + &#39;&func=&#39; + this.func + &#39;&args=&#39; + JSON.stringify(this.args) + &#39;&framemessage_rand=&#39; + Math.random();
  }

  /* 判断是否数组 */
  function __fIsArray(obj){
    return Object.prototype.toString.call(obj) === &#39;[object Array]&#39;;
  }

  return this;

}());

FrameMessage.class.php

<?php
/** Frame Message class main 与 iframe 相互通讯类
*  Date:  2013-12-29
*  Author: fdipzone
*  Ver:  1.0
*
*  Func:
*  public execute 根据参数调用方法
*  private returnJs 创建返回的javascript
*  private jsFormat 转义参数
*/

class FrameMessage{ // class start

  /* execute 根据参数调用方法
  * @param String $frame 要调用的方法的框架名称,为空则为parent
  * @param String $func 要调用的方法名
  * @param JSONstr $args 要调用的方法的参数
  * @return String
  */
  public static function execute($frame, $func, $args=&#39;&#39;){

    if(!is_string($frame) || !is_string($func) || !is_string($args)){
      return &#39;&#39;;
    }

    // frame 与 func 限制只能是字母数字下划线
    if(($frame!=&#39;&#39; && !preg_match(&#39;/^[A-Za-z0-9_]+$/&#39;,$frame)) || !preg_match(&#39;/^[A-Za-z0-9_]+$/&#39;,$func)){
      return &#39;&#39;;
    }

    $params_str = &#39;&#39;;

    if($args){
      $params = json_decode($args, true);
      
      if(is_array($params)){

        for($i=0,$len=count($params); $i<$len; $i++){ // 过滤参数,防止注入
          $params[$i] = self::jsFormat($params[$i]);
        }
        
        $params_str = "&#39;".implode("&#39;,&#39;", $params)."&#39;";
      }
    }

    if($frame==&#39;&#39;){ // parent
      return self::returnJs("parent.parent.".$func."(".$params_str.");");
    }else{
      return self::returnJs("parent.window.".$frame.".".$func."(".$params_str.");");
    }

  }


  /** 创建返回的javascript
  * @param String $str
  * @return String 
  */
  private static function returnJs($str){

    $ret = &#39;<script type="text/javascript">&#39;."\r\n";
    $ret .= $str."\r\n";
    $ret .= &#39;</script>&#39;;

    return $ret;
  }


  /** 转义参数
  * @param String $str
  * @return String
  */
  private static function jsFormat($str){

    $str = strip_tags(trim($str)); // 过滤html
    $str = str_replace(&#39;\\s\\s&#39;, &#39;\\s&#39;, $str);
    $str = str_replace(chr(10), &#39;&#39;, $str);
    $str = str_replace(chr(13), &#39;&#39;, $str);
    $str = str_replace(&#39; &#39;, &#39;&#39;, $str);
    $str = str_replace(&#39;\\&#39;, &#39;\\\\&#39;, $str);
    $str = str_replace(&#39;"&#39;, &#39;\\"&#39;, $str);
    $str = str_replace(&#39;\\\&#39;&#39;, &#39;\\\\\&#39;&#39;, $str);
    $str = str_replace("&#39;", "\&#39;", $str);

    return $str;
  }

} // class end

?>

A.html

main window

A.html main

B.html

iframe window

B.html iframe

execA.php 与 execB.php

<?php
require &#39;FrameMessage.class.php&#39;;

$frame = isset($_GET[&#39;frame&#39;])? $_GET[&#39;frame&#39;] : &#39;&#39;;
$func = isset($_GET[&#39;func&#39;])? $_GET[&#39;func&#39;] : &#39;&#39;;
$args = isset($_GET[&#39;args&#39;])? $_GET[&#39;args&#39;] : &#39;&#39;;

$result = FrameMessage::execute($frame, $func, $args);

echo $result;
?>

The above is the detailed content of Detailed explanation of mutual communication between main and iframe in php. For more information, please follow other related articles on the PHP Chinese website!

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

How does PHP identify a user's session?May 01, 2025 am 12:23 AM

PHPidentifiesauser'ssessionusingsessioncookiesandsessionIDs.1)Whensession_start()iscalled,PHPgeneratesauniquesessionIDstoredinacookienamedPHPSESSIDontheuser'sbrowser.2)ThisIDallowsPHPtoretrievesessiondatafromtheserver.

What are some best practices for securing PHP sessions?May 01, 2025 am 12:22 AM

The security of PHP sessions can be achieved through the following measures: 1. Use session_regenerate_id() to regenerate the session ID when the user logs in or is an important operation. 2. Encrypt the transmission session ID through the HTTPS protocol. 3. Use session_save_path() to specify the secure directory to store session data and set permissions correctly.

Where are PHP session files stored by default?May 01, 2025 am 12:15 AM

PHPsessionfilesarestoredinthedirectoryspecifiedbysession.save_path,typically/tmponUnix-likesystemsorC:\Windows\TemponWindows.Tocustomizethis:1)Usesession_save_path()tosetacustomdirectory,ensuringit'swritable;2)Verifythecustomdirectoryexistsandiswrita

How do you retrieve data from a PHP session?May 01, 2025 am 12:11 AM

ToretrievedatafromaPHPsession,startthesessionwithsession_start()andaccessvariablesinthe$_SESSIONarray.Forexample:1)Startthesession:session_start().2)Retrievedata:$username=$_SESSION['username'];echo"Welcome,".$username;.Sessionsareserver-si

How can you use sessions to implement a shopping cart?May 01, 2025 am 12:10 AM

The steps to build an efficient shopping cart system using sessions include: 1) Understand the definition and function of the session. The session is a server-side storage mechanism used to maintain user status across requests; 2) Implement basic session management, such as adding products to the shopping cart; 3) Expand to advanced usage, supporting product quantity management and deletion; 4) Optimize performance and security, by persisting session data and using secure session identifiers.

How do you create and use an interface in PHP?Apr 30, 2025 pm 03:40 PM

The article explains how to create, implement, and use interfaces in PHP, focusing on their benefits for code organization and maintainability.

What is the difference between crypt() and password_hash()?Apr 30, 2025 pm 03:39 PM

The article discusses the differences between crypt() and password_hash() in PHP for password hashing, focusing on their implementation, security, and suitability for modern web applications.

How can you prevent Cross-Site Scripting (XSS) in PHP?Apr 30, 2025 pm 03:38 PM

Article discusses preventing Cross-Site Scripting (XSS) in PHP through input validation, output encoding, and using tools like OWASP ESAPI and HTML Purifier.

See all articles

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

What's New in Windows 11 KB5054979 & How to Fix Update Issues

3 weeks agoByDDD

How to fix KB5055523 fails to install in Windows 11?

3 weeks agoByDDD

InZoi: How To Apply To School And University

4 weeks agoByDDD

How to fix KB5055518 fails to install in Windows 10?

3 weeks agoByDDD

Where to find the Site Office Key in Atomfall

4 weeks agoByDDD

Hot Tools

SecLists

SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.