Iframe sandbox postMessage
An amp-iframe must have static layout defined as is the case with any other AMP element. To do so: The amp-iframe must be defined with the resizable attribute. 一、allow-scripts 允许执行js二、allow-same-origin 同源,允许父子页面共享cookie, 互相操作.三、当被嵌入的文档与主页面同源时,强烈建议不要同时使用 allow-scripts 和allow-same-origin ,否则的话将允许嵌入的文档通过代码删除 sandbox 属性。虽然你可以这么做,但是这样的话其安全性还不如不用sandbox。 Using iframes to sandbox untrusted code. window.frames – a collection of nested window objects, window.parent, window.top are the references to parent and top windows, iframe.contentWindow is the window inside an