[go: up one dir, main page]

WO2019119974A1 - Object uploading method and device - Google Patents

Object uploading method and device Download PDF

Info

Publication number
WO2019119974A1
WO2019119974A1 PCT/CN2018/112448 CN2018112448W WO2019119974A1 WO 2019119974 A1 WO2019119974 A1 WO 2019119974A1 CN 2018112448 W CN2018112448 W CN 2018112448W WO 2019119974 A1 WO2019119974 A1 WO 2019119974A1
Authority
WO
WIPO (PCT)
Prior art keywords
domain
uploading
message
webpage
page
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2018/112448
Other languages
French (fr)
Chinese (zh)
Inventor
刘益民
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alibaba Group Holding Ltd
Original Assignee
Alibaba Group Holding Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alibaba Group Holding Ltd filed Critical Alibaba Group Holding Ltd
Publication of WO2019119974A1 publication Critical patent/WO2019119974A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/06Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/126Applying verification of the received information the source of the received data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/34Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters 
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/60Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources

Definitions

  • One or more embodiments of the present disclosure relate to the field of computer technologies, and in particular, to an object uploading method and apparatus.
  • the first page may receive the object to be uploaded sent by the user after receiving the object to be uploaded.
  • the object is uploaded to a server corresponding to a web page supporting the object upload function (hereinafter referred to as a second page).
  • the communication process between the first page and the second page is often a process of cross-domain and asynchronous communication.
  • the cross-domain means that the protocol, the domain name, or the port of the first page and the second page are not all the same.
  • Asynchronous means that the first page does not need to jump to the page during the process of uploading the object to the server corresponding to the second page.
  • One or more embodiments of the present specification describe an object uploading method and apparatus for securely and reliably implementing cross-domain, asynchronous communication between pages.
  • an object uploading method including:
  • the first webpage page receives the object uploading message sent by the application programming interface API function that can implement cross-domain transmission of the message, where the first webpage page belongs to the first domain, and the second webpage page belongs to any Domain; the object upload message includes an object to be uploaded across domains;
  • the object is uploaded to the corresponding server;
  • the API function is called to send a link address of the object to the second web page.
  • an object uploading method including:
  • the second webpage page receives an object cross-domain upload request, where the object cross-domain upload request includes an object to be cross-domain uploaded; the second webpage page belongs to any domain;
  • the object uploading message is used to indicate that the first webpage page is verified after the legality verification of the object uploading message is passed Uploading the object to a corresponding server, and acquiring a link address of the object; the first webpage page belongs to the first domain;
  • an object uploading apparatus including:
  • a receiving unit configured to receive an object upload message sent by the second webpage page by using an application programming interface API function that can implement cross-domain transmission of the message, where the first webpage belongs to the first domain, and the second webpage belongs to the first webpage a domain; the object upload message includes an object to be uploaded across domains;
  • a verification unit configured to perform legality verification on the object upload message received by the receiving unit
  • a uploading unit configured to upload the object to a corresponding server after the verification unit passes the validity verification of the object upload message
  • the receiving unit is further configured to receive a link address of the object returned by the server;
  • a sending unit configured to invoke the API function to send a link address of the object to the second webpage page.
  • an object uploading apparatus including:
  • a receiving unit configured to receive an object cross-domain upload request, where the object cross-domain upload request includes an object to be uploaded across domains; the second web page belongs to any domain;
  • a sending unit configured to send an application interface API function that can implement message cross-domain transmission, to send an object upload message to the first webpage, where the object uploading message is used to indicate that the first webpage page is legally uploaded to the object After the verification is passed, the object is uploaded to the corresponding server, and the link address of the object is obtained; the first webpage page belongs to the first domain;
  • the receiving unit is further configured to receive a link address of the object returned by the first webpage page by calling the API function.
  • the first webpage page of the first domain receives an object uploading message sent by the second webpage page of any domain.
  • the validity of the object upload message is verified.
  • the object in the object upload message is uploaded to the corresponding server, and the link address of the object is obtained. Returning the link address of the object to the second web page.
  • FIG. 1 is a schematic diagram of an application scenario of an object uploading method according to an embodiment of the present disclosure
  • FIG. 3 is a flowchart of an object uploading method according to another embodiment of the present disclosure.
  • FIG. 5 is a schematic diagram of an object uploading apparatus according to an embodiment of the present disclosure.
  • FIG. 6 is a schematic diagram of an object uploading apparatus according to another embodiment of the present specification.
  • the object uploading method provided by an embodiment of the present disclosure may be applied to the scenario shown in FIG. 1.
  • the first webpage (Web) page belongs to the first domain, and the first domain may also be referred to as a custom domain. That is, the merchant itself defines the website agreement, the website domain name, and the access port. It can be bound to any existing domain.
  • the first web page has a corresponding server, which can provide an object storage function, or can provide an object storage service.
  • the objects here may include: documents, pictures, audio and video, and the like.
  • the second webpage page, the third webpage page, and the Nth webpage page in FIG. 1 may belong to different other domains, respectively, and the other domains may be any domain different from the first domain.
  • the first webpage page may be pre- Other web pages are configured accordingly.
  • the corresponding configuration may be performed in the first webpage page to enable the first webpage page to listen to messages sent by other webpage pages.
  • corresponding configuration may also be performed in other webpage pages, so that other webpages can listen to messages sent by the first webpage.
  • the first web page may have a one-to-many relationship with other web pages.
  • the "postMessage API function” when the first web page and other web pages are used to implement cross-domain and asynchronous message transmission by calling the postMessage application programming interface (API) function, the "postMessage API function" can be modified.
  • the origin parameter is used to perform the above configuration.
  • the "origin” parameter can be set to "*" in the first web page.
  • the first webpage may match the domain of the other webpage with the parameter value of the "origin" parameter, and if the matching is successful, the interception is performed. Message. Otherwise it will not be monitored.
  • the corresponding configuration may also be performed by other means, for example, in the first webpage page, the source of the message is not judged. This specification will not be repeated here.
  • FIG. 2 is a flowchart of an object uploading method according to an embodiment of the present disclosure.
  • the execution body of the method may be the first web page in FIG. As shown in FIG. 2, the method may specifically include:
  • Step 210 The first webpage page receives an object upload message sent by the second webpage page by calling an application programming interface API function that can implement message cross-domain transmission.
  • the first webpage page belongs to the first domain.
  • the first domain may be defined by the merchant itself, for example, may be defined as: "fengdie.alipay.com”.
  • the second web page belongs to any domain, for example, any of the domains may be: "www.abc.cn”. That is, the first web page in the embodiment of the present specification can receive a message sent from a web page (also referred to as an outer domain page) of any domain.
  • the object upload message in step 210 may include an object to be uploaded across domains, such as a document, a picture, or an audio or video.
  • the first webpage page may be loaded in the second webpage page in a hidden manner (ie, the first webpage page is bound to the domain of the second webpage page).
  • the second web page loads the first web page by generating an iframe tag having a height of 0 and a width of 0 (the tag is a basic unit in a markup language for creating a web page).
  • the first web page and the second web page run on the same terminal. For example, it runs on the computer or mobile terminal currently used by the user. Only the browser installed on the terminal only displays the second web page.
  • the second web page can be directly interacted by the user, and the first web page is invisible to the user.
  • the first webpage page and the second webpage page belong to different domains. That is to say, the communication between the two web pages is cross-domain communication.
  • the second webpage page may send the object uploading message to the first webpage by calling an API function that can implement cross-domain transmission of the message.
  • the above API function that enables message cross-domain transfer can be a postMessage API function.
  • the postMessage can not pass the file list (Filelist), because this part of the browser can usually pass the string directly, so before sending the above object upload message, the second web page can The object to be uploaded is first converted to the corresponding string (also known as serialization). Taking the object to be uploaded as an example, the second web page can convert the image into a base64 encoded string using the readAsDataURL method in the FileReader class. It can be understood that when the object to be uploaded is first serialized, the object upload message includes the serialized object. Correspondingly, after receiving the object upload message, the first web page first determines whether the object in the message is a serialized object. As in the previous example, it is first determined whether the object in the message is a base64 encoded string. If so, the serialized object is deserialized to obtain the original object. This achieves better compatibility.
  • postMessage can pass the filelist.
  • the two web pages can directly transfer objects (for example, can directly transfer images) without serialization.
  • Step 220 Perform legality verification on the object upload message.
  • Step 230 After verifying the validity of the object uploading message, upload the object to the corresponding server.
  • the first web page may perform legality verification on the object upload message before uploading the object to the corresponding server. After the validity of the object upload message is verified, the object is uploaded to the corresponding server.
  • the verification of the legality of the message belongs to the conventional conventional technology, and will not be repeated here.
  • the first webpage page may upload an object to the corresponding server by using an AJAX post() method.
  • Step 240 Receive a link address of an object returned by the server.
  • the server may return a Uniform Resource Locator (URL) address of the object to the first web page.
  • URL Uniform Resource Locator
  • Step 250 calling an API function to send a link address of the object to the second webpage page.
  • the first web page may return the URL address of the object to the second web page by calling the postMessage API function described above.
  • the second web page may display the URL address to the user.
  • the user receives a click command for the URL address, the corresponding object can be presented to the user.
  • the object uploading method provided in the foregoing embodiment of the present disclosure may first send an object upload message to a webpage of the first domain when the webpage of any domain wants to upload the object to the server of the webpage of the first domain.
  • the webpage of the first domain can verify the validity of the message, and after the legality verification is passed, upload the object to the corresponding server.
  • the security of the communication is ensured.
  • the method since the method only involves communication between two cross-domain web pages, and communication between web pages in the domain and the server, there is an advantage that the scheme is simple in design.
  • the process for implementing the above solution can be packaged in a software development kit (SDK).
  • SDK software development kit
  • the web page of any of the domains does not need to perceive what the server is, nor does it need to know how to send AJAX between the webpage of the first domain and the corresponding server.
  • FIG. 3 is a flowchart of an object uploading method according to another embodiment of the present specification.
  • the execution body of the method may be the second web page in FIG. As shown in FIG. 3, the method may specifically include:
  • Step 310 The second webpage page receives the object cross-domain upload request.
  • the second web page here can be a web page of any domain.
  • the web page can be directly interacted with the user after being loaded by the browser.
  • the above cross-domain upload request may be sent when the user selects a picture to upload and clicks the send button.
  • the above object cross-domain upload request may include an object to be uploaded across domains, such as the above picture, document, audio and video, and the like.
  • Step 320 Call an application interface API function that can implement message cross-domain transmission to send an object upload message to the first webpage page.
  • the first webpage page may be loaded in the second webpage page in a hidden manner (ie, the first webpage page is bound to the domain to which the second webpage page belongs).
  • the above API function that enables message cross-domain transfer can be a postMessage API function.
  • the second web page may serialize the object to be uploaded before sending the object upload message.
  • the second web page can convert the image into a base64 encoded string using the readAsDataURL method in the FileReader class.
  • the object upload message includes the serialized object.
  • the first webpage first determines whether the object in the message is a serialized object, and if so, deserializes the serialized object, thereby obtaining the original Object. This achieves better compatibility.
  • postMessage can pass the filelist.
  • the two web pages can directly transfer objects (for example, can directly transfer images) without serialization.
  • Step 330 Receive a link address of an object returned by the first webpage page by calling an API function.
  • the first web page may return the URL address of the object to the second web page by calling the postMessage API function described above.
  • the second web page may display the URL address to the user.
  • the user receives a click command for the URL address, the corresponding object can be presented to the user.
  • the following initialization operations may be performed: performing corresponding configuration on the external domain page, so that the external domain page can listen to the message sent by the ⁇ domain page, for example, the postMessage can be
  • the "origin" parameter in the API function is set to the domain name of the ⁇ domain page.
  • the corresponding configuration is also performed on the XX domain page, so that the XX domain page can listen to the message sent by the global page.
  • the "origin" parameter in the postMessage API function can be set to "*".
  • step 410 the foreign domain page receives the picture selected by the user.
  • step 420 the foreign domain page converts the image into a base64 encoded string using the readAsDataURL method in the FileReader class.
  • step 430 the foreign domain page calls the postMessage API function to send a string to the XX domain page.
  • step 440 the ⁇ domain page converts the string into a picture.
  • Step 450 The ⁇ domain page uploads a picture to the ⁇ domain picture server by using the AJAX post() method.
  • step 460 the ⁇ domain picture server returns the URL address of the picture to the ⁇ domain page.
  • step 470 the ⁇ domain page calls the postMessage API function to send the URL address of the image to the outbound domain page.
  • an object uploading device is also provided in an embodiment of the present specification. As shown in FIG. 5, the device includes:
  • the receiving unit 501 is configured to receive an object upload message sent by the second webpage page by using an application programming interface API function that can implement cross-domain transmission of the message, where the first webpage belongs to the first domain, and the second webpage belongs to any domain.
  • the object upload message includes objects to be uploaded across domains.
  • the objects here can include any of the following: documents, pictures, and audio and video.
  • the verification unit 502 is configured to perform legality verification on the object upload message received by the receiving unit 501.
  • the uploading unit 503 is configured to upload an object to the corresponding server after the verification unit 502 verifies the validity of the object upload message.
  • the receiving unit 501 is further configured to receive a link address of an object returned by the server.
  • the sending unit 504 is configured to invoke an API function to send a link address of the object to the second webpage page.
  • the device may further include:
  • the determining unit 505 is configured to determine whether the object has been serialized.
  • the processing unit 506 is configured to deserialize the object.
  • the uploading unit 503 is specifically configured to: upload the deserialized object to the corresponding server.
  • the receiving unit 501 receives an object uploading message sent by the second webpage page by calling an application programming interface API function capable of realizing message cross-domain transmission.
  • the verification unit 502 performs legality verification on the object upload message. After the validity verification of the object upload message is passed, the uploading unit 503 uploads the object to the corresponding server.
  • the receiving unit 501 receives the link address of the object returned by the server.
  • the sending unit 504 calls the API function to send the link address of the object to the second web page.
  • an object uploading device is also provided in an embodiment of the present specification. As shown in FIG. 6, the device includes:
  • the receiving unit 601 is configured to receive an object cross-domain upload request, where the object cross-domain upload request includes an object to be uploaded across the domain; the second web page belongs to any domain.
  • the sending unit 602 is configured to send an object uploading message to the first webpage by using an application interface API function that can implement message cross-domain transmission, where the object uploading message is used to indicate that the first webpage is in the legality verification of uploading the message to the object. After the object is uploaded to the corresponding server, and the link address of the object is obtained; the first web page belongs to the first domain.
  • the receiving unit 601 is further configured to receive a link address of the object returned by the first webpage page by calling an API function.
  • the object uploading apparatus provided in one embodiment of the present specification can implement cross-domain and asynchronous communication between websites securely and reliably.
  • the functions described herein can be implemented in hardware, software, firmware, or any combination thereof. When implemented in software, the functions may be stored in a computer readable medium or transmitted as one or more instructions or code on a computer readable medium.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

Embodiments of the present disclosure provide an object uploading method and a device. The object uploading method comprises: a first webpage in a first domain receiving an object uploading message sent by a second webpage in an arbitrary domain; verifying the validity of the object uploading message; after the message passes the validity verification, uploading an object in the object uploading message to a corresponding server; acquiring a link address of the object; and returning the link address of the object to the second webpage.

Description

对象上传方法及装置Object uploading method and device 技术领域Technical field

本说明书一个或多个实施例涉及计算机技术领域,尤其涉及一种对象上传方法及装置。One or more embodiments of the present disclosure relate to the field of computer technologies, and in particular, to an object uploading method and apparatus.

背景技术Background technique

目前,在用户访问不支持对象上传功能的网页页面(以下称为第一页面)的过程中,若有上传对象的需求,第一页面可以在接收到用户发送的待上传的对象之后,将该对象上传至支持对象上传功能的网页页面(以下称为第二页面)对应的服务器。上述第一页面与第二页面之间的通信过程往往是一种跨域、异步通信的过程。其中,跨域是指上述第一页面与第二页面的协议、域名或者端口不全部相同。异步是指第一页面在将对象上传至第二页面对应的服务器的过程中,不需要跳转页面。At present, in a process of a user accessing a webpage page (hereinafter referred to as a first page) that does not support the object uploading function, if there is a demand for uploading an object, the first page may receive the object to be uploaded sent by the user after receiving the object to be uploaded. The object is uploaded to a server corresponding to a web page supporting the object upload function (hereinafter referred to as a second page). The communication process between the first page and the second page is often a process of cross-domain and asynchronous communication. The cross-domain means that the protocol, the domain name, or the port of the first page and the second page are not all the same. Asynchronous means that the first page does not need to jump to the page during the process of uploading the object to the server corresponding to the second page.

因此,如何安全、可靠地实现页面之间的跨域、异步通信就称为要解决的问题。Therefore, how to implement cross-domain and asynchronous communication between pages securely and reliably is called a problem to be solved.

发明内容Summary of the invention

本说明书一个或多个实施例描述了一种对象上传方法及装置,以安全、可靠地实现页面之间的跨域、异步通信。One or more embodiments of the present specification describe an object uploading method and apparatus for securely and reliably implementing cross-domain, asynchronous communication between pages.

第一方面,提供了一种对象上传方法,包括:In a first aspect, an object uploading method is provided, including:

第一网页页面接收第二网页页面通过调用能实现消息跨域传输的应用程序编程接口API函数发送的对象上传消息,所述第一网页页面属于第一域,所述第二网页页面属于任一域;所述对象上传消息包括待跨域上传的对象;The first webpage page receives the object uploading message sent by the application programming interface API function that can implement cross-domain transmission of the message, where the first webpage page belongs to the first domain, and the second webpage page belongs to any Domain; the object upload message includes an object to be uploaded across domains;

对所述对象上传消息进行合法性验证;Performing legality verification on the object uploading message;

在对所述对象上传消息合法性验证通过后,向对应的服务器上传所述对象;After the validity of the uploading of the object is verified, the object is uploaded to the corresponding server;

接收所述服务器返回的所述对象的链接地址;Receiving a link address of the object returned by the server;

调用所述API函数向所述第二网页页面发送所述对象的链接地址。The API function is called to send a link address of the object to the second web page.

第二方面,提供了一种对象上传方法,包括:In a second aspect, an object uploading method is provided, including:

第二网页页面接收对象跨域上传请求,所述对象跨域上传请求包括待跨域上传的对 象;所述第二网页页面属于任一域;The second webpage page receives an object cross-domain upload request, where the object cross-domain upload request includes an object to be cross-domain uploaded; the second webpage page belongs to any domain;

调用能实现消息跨域传输的应用程序接口API函数向第一网页页面发送对象上传消息,所述对象上传消息用于指示所述第一网页页面在对所述对象上传消息合法性验证通过后将所述对象上传至对应的服务器,并获取所述对象的链接地址;所述第一网页页面属于第一域;Sending an object uploading API message to the first webpage page by using an application interface API function that can implement message cross-domain transmission, the object uploading message is used to indicate that the first webpage page is verified after the legality verification of the object uploading message is passed Uploading the object to a corresponding server, and acquiring a link address of the object; the first webpage page belongs to the first domain;

接收所述第一网页页面通过调用所述API函数返回的所述对象的链接地址。Receiving, by the first web page, a link address of the object returned by calling the API function.

第三方面,提供了一种对象上传装置,包括:In a third aspect, an object uploading apparatus is provided, including:

接收单元,用于接收第二网页页面通过调用能实现消息跨域传输的应用程序编程接口API函数发送的对象上传消息,所述第一网页页面属于第一域,所述第二网页页面属于任一域;所述对象上传消息包括待跨域上传的对象;a receiving unit, configured to receive an object upload message sent by the second webpage page by using an application programming interface API function that can implement cross-domain transmission of the message, where the first webpage belongs to the first domain, and the second webpage belongs to the first webpage a domain; the object upload message includes an object to be uploaded across domains;

验证单元,用于对所述接收单元接收的所述对象上传消息进行合法性验证;a verification unit, configured to perform legality verification on the object upload message received by the receiving unit;

上传单元,用于在所述验证单元对所述对象上传消息合法性验证通过后,向对应的服务器上传所述对象;a uploading unit, configured to upload the object to a corresponding server after the verification unit passes the validity verification of the object upload message;

所述接收单元,还用于接收所述服务器返回的所述对象的链接地址;The receiving unit is further configured to receive a link address of the object returned by the server;

发送单元,用于调用所述API函数向所述第二网页页面发送所述对象的链接地址。And a sending unit, configured to invoke the API function to send a link address of the object to the second webpage page.

第四方面,提供了一种对象上传装置,包括:In a fourth aspect, an object uploading apparatus is provided, including:

接收单元,用于接收对象跨域上传请求,所述对象跨域上传请求包括待跨域上传的对象;所述第二网页页面属于任一域;a receiving unit, configured to receive an object cross-domain upload request, where the object cross-domain upload request includes an object to be uploaded across domains; the second web page belongs to any domain;

发送单元,用于调用能实现消息跨域传输的应用程序接口API函数向第一网页页面发送对象上传消息,所述对象上传消息用于指示所述第一网页页面在对所述对象上传消息合法性验证通过后将所述对象上传至对应的服务器,并获取所述对象的链接地址;所述第一网页页面属于第一域;a sending unit, configured to send an application interface API function that can implement message cross-domain transmission, to send an object upload message to the first webpage, where the object uploading message is used to indicate that the first webpage page is legally uploaded to the object After the verification is passed, the object is uploaded to the corresponding server, and the link address of the object is obtained; the first webpage page belongs to the first domain;

所述接收单元,还用于接收所述第一网页页面通过调用所述API函数返回的所述对象的链接地址。The receiving unit is further configured to receive a link address of the object returned by the first webpage page by calling the API function.

本说明书一个或多个实施例提供的对象上传方法及装置,第一域的第一网页页面接收任一域的第二网页页面发送的对象上传消息。对该对象上传消息进行合法性验证,在合法性验证通过后,将对象上传消息中的对象上传至对应的服务器,并获取该对象的链接地址。向上述第二网页页面返回该对象的链接地址。由此可以看出,本说明书的实施 例中,当任一域的网页页面想要上传对象至第一域的服务器时,可以先将该对象转发至第一域的网页页面,在该第一域的网页页面进行合法性验证后,再将该对象上传至第一域的服务器。由此,可以安全、可靠地实现页面之间的跨域、异步通信。The object uploading method and apparatus provided by one or more embodiments of the present specification, the first webpage page of the first domain receives an object uploading message sent by the second webpage page of any domain. The validity of the object upload message is verified. After the legality verification is passed, the object in the object upload message is uploaded to the corresponding server, and the link address of the object is obtained. Returning the link address of the object to the second web page. It can be seen that, in the embodiment of the present specification, when a webpage page of any domain wants to upload an object to a server of the first domain, the object may be first forwarded to the webpage of the first domain, where the first After the domain page of the domain is verified for legality, the object is uploaded to the server of the first domain. Thereby, cross-domain and asynchronous communication between pages can be realized safely and reliably.

附图说明DRAWINGS

为了更清楚地说明本发明实施例的技术方案,下面将对实施例描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其它的附图。In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings used in the description of the embodiments will be briefly described below. It is obvious that the drawings in the following description are only some embodiments of the present invention, Those skilled in the art can also obtain other drawings based on these drawings without any creative work.

图1为本说明书一个实施例提供的对象上传方法的应用场景示意图;FIG. 1 is a schematic diagram of an application scenario of an object uploading method according to an embodiment of the present disclosure;

图2为本说明书一个实施例提供的对象上传方法流程图;2 is a flowchart of an object uploading method provided by an embodiment of the present specification;

图3为本说明另一个实施例提供的对象上传方法流程图;FIG. 3 is a flowchart of an object uploading method according to another embodiment of the present disclosure;

图4为本说明书再一个实施例提供的对象上传方法的信息交互图;4 is an information interaction diagram of an object uploading method provided by another embodiment of the present specification;

图5为本说明书一个实施例提供的对象上传装置示意图;FIG. 5 is a schematic diagram of an object uploading apparatus according to an embodiment of the present disclosure;

图6为本说明书另一个实施例提供的对象上传装置示意图。FIG. 6 is a schematic diagram of an object uploading apparatus according to another embodiment of the present specification.

具体实施方式Detailed ways

在介绍本说明书提供的方案之前,先解释两个概念:同域和跨域。为了保证信息的安全,所有浏览器都实行一个策略:网站协议、网站域名以及访问端口三者都相同的两个网页页面,才可以不受限制访问对方的本地存储(如,Cookie、LocalStorage和IndexDB等)、操作对方文档对象模型(Document Object Model,DOM)、向对方发送异步JavaScript和可扩展标记语言(Extensible Markup Language,XML)(Asynchronous Javascript And XML,AJAX)。本说明书中的域通过网站协议、网站域名以及访问端口来定义。需要说明的是,当两个网页页面不满足上述三者相同的条件时称为跨域,而当满足这三者相同的条件时称为同域。Before introducing the solutions provided in this specification, explain two concepts: the same domain and cross-domain. In order to ensure the security of information, all browsers implement a policy: the website protocol, the website domain name and the two web pages with the same access port, so that they can access the other party's local storage without restrictions (eg, Cookie, LocalStorage and IndexDB). Etc., operate the other document object model (DOM), send asynchronous JavaScript to the other party and Extensible Markup Language (XML) (Asynchronous Javascript And XML, AJAX). The fields in this manual are defined by website protocols, website domain names, and access ports. It should be noted that when two webpage pages do not satisfy the same conditions as the above three, they are called cross-domain, and when the same conditions of the three are met, they are called the same domain.

下面结合附图,对本说明书提供的方案进行描述。The solution provided in this specification will be described below with reference to the accompanying drawings.

本说明书一个实施例提供的对象上传方法可以应用于如图1所示的场景中,图1中,第一网页(Web)页面属于第一域,该第一域也可以称为自定义域,即由商家自己定义 网站协议、网站域名以及访问端口。其可以绑定在任何已有的域下。该第一网页页面具有对应的服务器,该服务器可以提供对象存储功能,或者说可以提供对象存储服务。此处的对象可以包括:文档、图片或者音视频等。图1中的第二网页页面、第三网页页面以及第N网页页面可以分别属于不同的其它域,该其它域可以为不同于第一域的任一域。The object uploading method provided by an embodiment of the present disclosure may be applied to the scenario shown in FIG. 1. In FIG. 1, the first webpage (Web) page belongs to the first domain, and the first domain may also be referred to as a custom domain. That is, the merchant itself defines the website agreement, the website domain name, and the access port. It can be bound to any existing domain. The first web page has a corresponding server, which can provide an object storage function, or can provide an object storage service. The objects here may include: documents, pictures, audio and video, and the like. The second webpage page, the third webpage page, and the Nth webpage page in FIG. 1 may belong to different other domains, respectively, and the other domains may be any domain different from the first domain.

需要说明的是,为了能实现第一网页页面与其它网页页面(包括第二网页页面、第三网页页面或者第N网页页面)之间的跨域、异步通信,可以预先在第一网页页面以及其它网页页面进行相应的配置。如,可以在第一网页页面中进行相应的配置,以实现第一网页页面可以监听其它网页页面发送的消息。此外,还可以在其它网页页面中也进行相应的配置,以实现其它网页页面可以监听第一网页页面发送的消息。本说明书中,第一网页页面与其它网页页面之间可以是一对多的关系。It should be noted that, in order to enable cross-domain and asynchronous communication between the first webpage page and other webpage pages (including the second webpage page, the third webpage page, or the Nth webpage page), the first webpage page may be pre- Other web pages are configured accordingly. For example, the corresponding configuration may be performed in the first webpage page to enable the first webpage page to listen to messages sent by other webpage pages. In addition, corresponding configuration may also be performed in other webpage pages, so that other webpages can listen to messages sent by the first webpage. In this specification, the first web page may have a one-to-many relationship with other web pages.

图1中,当第一网页页面与其它网页页面之间通过调用postMessage应用程序编程接口(Application Programming Interface,API)函数来实现跨域、异步消息的传输时,可以通过修改postMessage API函数中的“origin”参数,来进行上述配置。具体地,可以在第一网页页面中,将“origin”参数设为“*”。在具体监听过程中,当第一网页页面接收到其它网页页面发送的消息时,第一网页页面可以将其它网页页面的域与“origin”参数的参数值进行匹配,若匹配成功,则监听该消息。否则不监听。需要说明的是,因为“*”是通配符,任一网页页面的域均能匹配成功,所以第一网页页面可以监听任一网页页面发送的消息。在其它网页页面中,将“origin”参数设为第一网页页面的域。其具体监听过程类似,在此不复赘述。In Figure 1, when the first web page and other web pages are used to implement cross-domain and asynchronous message transmission by calling the postMessage application programming interface (API) function, the "postMessage API function" can be modified. The origin parameter is used to perform the above configuration. Specifically, the "origin" parameter can be set to "*" in the first web page. In the specific monitoring process, when the first webpage receives the message sent by the other webpage, the first webpage may match the domain of the other webpage with the parameter value of the "origin" parameter, and if the matching is successful, the interception is performed. Message. Otherwise it will not be monitored. It should be noted that because "*" is a wildcard, the domain of any webpage page can be successfully matched, so the first webpage page can listen to the message sent by any webpage page. In other web pages, the "origin" parameter is set to the domain of the first web page. The specific monitoring process is similar and will not be repeated here.

当然,在实际应用中,也可以通过其它方式来进行相应的配置,如,在第一网页页面中,不对消息的来源进行判断等。本说明书对此不复赘述。Of course, in the actual application, the corresponding configuration may also be performed by other means, for example, in the first webpage page, the source of the message is not judged. This specification will not be repeated here.

图2为本说明书一个实施例提供的对象上传方法流程图。所述方法的执行主体可以为图1中的第一网页页面。如图2所示,所述方法具体可以包括:FIG. 2 is a flowchart of an object uploading method according to an embodiment of the present disclosure. The execution body of the method may be the first web page in FIG. As shown in FIG. 2, the method may specifically include:

步骤210,第一网页页面接收第二网页页面通过调用能实现消息跨域传输的应用程序编程接口API函数发送的对象上传消息。Step 210: The first webpage page receives an object upload message sent by the second webpage page by calling an application programming interface API function that can implement message cross-domain transmission.

其中,第一网页页面属于第一域。该第一域可以由商家自己定义,如,可以定义为:“fengdie.alipay.com”。第二网页页面属于任一域,如,该任一域例如可以为:“www.abc.cn”。也即本说明书实施例中的第一网页页面可以接收来自任一域的网页页 面(也可以称为外域页面)发送的消息。The first webpage page belongs to the first domain. The first domain may be defined by the merchant itself, for example, may be defined as: "fengdie.alipay.com". The second web page belongs to any domain, for example, any of the domains may be: "www.abc.cn". That is, the first web page in the embodiment of the present specification can receive a message sent from a web page (also referred to as an outer domain page) of any domain.

步骤210中的对象上传消息可以包括待跨域上传的对象,如,文档、图片或者音视频等。The object upload message in step 210 may include an object to be uploaded across domains, such as a document, a picture, or an audio or video.

在一种具体实现方式中,第一网页页面可以以隐藏的方式在第二网页页面中加载(也即第一网页页面绑定在了第二网页页面的域下)。具体地,第二网页页面通过生成一个高度为0、宽度为0的iframe标签(标签是创建网页页面的标记语言中的基本单位)加载第一网页页面。在该方式中,第一网页页面和第二网页页面运行在同一个终端上。如,同时运行在用户当前使用的电脑或者移动终端上。只不过终端上安装的浏览器只显示第二网页页面。用户直接可以交互的是第二网页页面,而第一网页页面对用户来说是不可见的。当用户想要通过第二网页页面上传对象时,也即在第二网页页面接收到用户发送的对象上传请求时,该第二网页页面会向隐藏的第一网页页面发送上述对象上传消息。In a specific implementation, the first webpage page may be loaded in the second webpage page in a hidden manner (ie, the first webpage page is bound to the domain of the second webpage page). Specifically, the second web page loads the first web page by generating an iframe tag having a height of 0 and a width of 0 (the tag is a basic unit in a markup language for creating a web page). In this manner, the first web page and the second web page run on the same terminal. For example, it runs on the computer or mobile terminal currently used by the user. Only the browser installed on the terminal only displays the second web page. The second web page can be directly interacted by the user, and the first web page is invisible to the user. When the user wants to upload an object through the second webpage page, that is, when the second webpage page receives the object uploading request sent by the user, the second webpage page sends the object uploading message to the hidden first webpage page.

需要说明的是,第一网页页面与第二网页页面属于不同的域。也就是说,该两个网页页面之间的通信是跨域通信。在该跨域通信的过程中,第二网页页面可以通过调用能实现消息跨域传输的API函数,来向第一网页页面发送上述对象上传消息。在一个例子中,上述能实现消息跨域传输的API函数可以为postMessage API函数。It should be noted that the first webpage page and the second webpage page belong to different domains. That is to say, the communication between the two web pages is cross-domain communication. In the process of the cross-domain communication, the second webpage page may send the object uploading message to the first webpage by calling an API function that can implement cross-domain transmission of the message. In one example, the above API function that enables message cross-domain transfer can be a postMessage API function.

还需要说明的是,针对部分浏览器还未实现postMessage可以传递文件列表(Filelist)的情况,因为这部分浏览器通常可以直接传递字符串,所以在发送上述对象上传消息之前,第二网页页面可以对待上传的对象先转化为对应的字符串(也称为序列化)。以待上传的对象为图片为例来说,第二网页页面可以使用FileReader类里的readAsDataURL方法将图片转换成base64编码的字符串。可以理解的是,当对待上传的对象先进行序列化时,上述对象上传消息中包括序列化后的对象。相应的,第一网页页面在接收到对象上传消息之后,首先会判断该消息中的对象是否为序列化后的对象。如前述例子,首先会判断消息中的对象是否为base64编码的字符串。若是,则对该序列化后的对象进行反序列化,从而得到原来的对象。由此,实现了更好的兼容性。It should also be noted that for some browsers, the postMessage can not pass the file list (Filelist), because this part of the browser can usually pass the string directly, so before sending the above object upload message, the second web page can The object to be uploaded is first converted to the corresponding string (also known as serialization). Taking the object to be uploaded as an example, the second web page can convert the image into a base64 encoded string using the readAsDataURL method in the FileReader class. It can be understood that when the object to be uploaded is first serialized, the object upload message includes the serialized object. Correspondingly, after receiving the object upload message, the first web page first determines whether the object in the message is a serialized object. As in the previous example, it is first determined whether the object in the message is a base64 encoded string. If so, the serialized object is deserialized to obtain the original object. This achieves better compatibility.

而针对部分浏览器实现了postMessage可以传递Filelist的情况,则该两个网页页面之间可以直接进行对象传递(如,直接可以传递图片),不需要做序列化。For some browsers, postMessage can pass the filelist. The two web pages can directly transfer objects (for example, can directly transfer images) without serialization.

步骤220,对对象上传消息进行合法性验证。Step 220: Perform legality verification on the object upload message.

步骤230,在对对象上传消息合法性验证通过后,向对应的服务器上传对象。Step 230: After verifying the validity of the object uploading message, upload the object to the corresponding server.

为了安全性,第一网页页面在向对应的服务器上传对象之前,可以对上述对象上传 消息进行合法性验证。在对象上传消息合法性验证通过后,再向对应的服务器上传对象。此处,对消息进行合法性验证属于传统常规技术,在此不复赘述。For security, the first web page may perform legality verification on the object upload message before uploading the object to the corresponding server. After the validity of the object upload message is verified, the object is uploaded to the corresponding server. Here, the verification of the legality of the message belongs to the conventional conventional technology, and will not be repeated here.

在一种具体实现方式中,第一网页页面可以通过AJAX post()方法来向对应的服务器上传对象。In a specific implementation manner, the first webpage page may upload an object to the corresponding server by using an AJAX post() method.

步骤240,接收服务器返回的对象的链接地址。Step 240: Receive a link address of an object returned by the server.

在一个例子中,服务器在存储该对象之后,可以向第一网页页面返回该对象的统一资源定位符(Uniform Resource Locator,URL)地址。In one example, after storing the object, the server may return a Uniform Resource Locator (URL) address of the object to the first web page.

步骤250,调用API函数向第二网页页面发送对象的链接地址。Step 250, calling an API function to send a link address of the object to the second webpage page.

如前述例子,第一网页页面可以通过调用上述postMessage API函数来向第二网页页面返回对象的URL地址。第二网页页面在接收到对象的URL地址之后,可以向用户展示该URL地址。当接收到用户对该URL地址的点击指令时,可以向用户展示对应的对象。As in the foregoing example, the first web page may return the URL address of the object to the second web page by calling the postMessage API function described above. After receiving the URL address of the object, the second web page may display the URL address to the user. When the user receives a click command for the URL address, the corresponding object can be presented to the user.

综上,本说明书上述实施例提供的对象上传方法,当任一域的网页页面想要上传对象至第一域的网页页面的服务器时,可以先向第一域的网页页面发送对象上传消息。该第一域的网页页面可以对消息进行合法性验证,在合法性验证通过后,再将对象上传至对应的服务器。由此,保证了通信的安全性。此外,由于该方法只涉及两个跨域网页页面之间的通信,以及域内网页页面与服务器之间的通信,从而有方案设计简单的优点。In summary, the object uploading method provided in the foregoing embodiment of the present disclosure may first send an object upload message to a webpage of the first domain when the webpage of any domain wants to upload the object to the server of the webpage of the first domain. The webpage of the first domain can verify the validity of the message, and after the legality verification is passed, upload the object to the corresponding server. Thereby, the security of the communication is ensured. In addition, since the method only involves communication between two cross-domain web pages, and communication between web pages in the domain and the server, there is an advantage that the scheme is simple in design.

在实际应用中,可以将实现上述方案的流程封装在软件开发工具包(Software Development Kit,SDK)中。当任一域的网页页面想要具有对象上传功能时,可以先安装该SDK包。之后,该网页页面可以将用户要上传的对象传给SDK,SDK就可以返回对象的链接地址。该任一域的网页页面不需要感知服务器是什么,也不需要知道第一域的网页页面与对应的服务器之间如何发AJAX。In practical applications, the process for implementing the above solution can be packaged in a software development kit (SDK). When the web page of any domain wants to have the object upload function, you can install the SDK package first. After that, the web page can transmit the object to be uploaded by the user to the SDK, and the SDK can return the link address of the object. The web page of any of the domains does not need to perceive what the server is, nor does it need to know how to send AJAX between the webpage of the first domain and the corresponding server.

图3为本说明书另一个实施例提供的对象上传方法流程图。所述方法的执行主体可以为图1中的第二网页页面。如图3所示,所述方法具体可以包括:FIG. 3 is a flowchart of an object uploading method according to another embodiment of the present specification. The execution body of the method may be the second web page in FIG. As shown in FIG. 3, the method may specifically include:

步骤310,第二网页页面接收对象跨域上传请求。Step 310: The second webpage page receives the object cross-domain upload request.

此处的第二网页页面可以为任一域的的网页页面。该网页页面通过浏览器加载后可以直接与用户进行交互。以用户上传图片来说,上述跨域上传请求可以是在用户选择了要上传的图片,并点击发送按钮时发送的。The second web page here can be a web page of any domain. The web page can be directly interacted with the user after being loaded by the browser. In the case of a user uploading a picture, the above cross-domain upload request may be sent when the user selects a picture to upload and clicks the send button.

上述对象跨域上传请求可以包括待跨域上传的对象,如,上述图片、文档以及音视频等。The above object cross-domain upload request may include an object to be uploaded across domains, such as the above picture, document, audio and video, and the like.

步骤320,调用能实现消息跨域传输的应用程序接口API函数向第一网页页面发送对象上传消息。Step 320: Call an application interface API function that can implement message cross-domain transmission to send an object upload message to the first webpage page.

此处,第一网页页面可以以隐藏的方式在第二网页页面中加载(也即第一网页页面绑定在了第二网页页面所属的域下)。在一个例子中,上述能实现消息跨域传输的API函数可以为postMessage API函数。Here, the first webpage page may be loaded in the second webpage page in a hidden manner (ie, the first webpage page is bound to the domain to which the second webpage page belongs). In one example, the above API function that enables message cross-domain transfer can be a postMessage API function.

需要说明的是,针对部分浏览器还未实现postMessage可以传递文件列表(Filelist)的情况,在发送上述对象上传消息之前,第二网页页面可以对待上传的对象先进行序列化。以待上传的对象为图片为例来说,第二网页页面可以使用FileReader类里的readAsDataURL方法将图片转换成base64编码的字符串。可以理解的是,当对待上传的对象先进行序列化时,上述对象上传消息中包括序列化后的对象。相应的,第一网页页面在接收到对象上传消息之后,首先会判断该消息中的对象是否为序列化后的对象,若是,则对该序列化后的对象进行反序列化,从而得到原来的对象。由此,实现了更好的兼容性。It should be noted that, in the case that some browsers have not implemented a file list (postlist), the second web page may serialize the object to be uploaded before sending the object upload message. Taking the object to be uploaded as an example, the second web page can convert the image into a base64 encoded string using the readAsDataURL method in the FileReader class. It can be understood that when the object to be uploaded is first serialized, the object upload message includes the serialized object. Correspondingly, after receiving the object upload message, the first webpage first determines whether the object in the message is a serialized object, and if so, deserializes the serialized object, thereby obtaining the original Object. This achieves better compatibility.

而针对部分浏览器实现了postMessage可以传递Filelist的情况,则该两个网页页面之间可以直接进行对象传递(如,直接可以传递图片),不需要做序列化。For some browsers, postMessage can pass the filelist. The two web pages can directly transfer objects (for example, can directly transfer images) without serialization.

步骤330,接收第一网页页面通过调用API函数返回的对象的链接地址。Step 330: Receive a link address of an object returned by the first webpage page by calling an API function.

第一网页页面可以通过调用上述postMessage API函数来向第二网页页面返回对象的URL地址。第二网页页面在接收到对象的URL地址之后,可以向用户展示该URL地址。当接收到用户对该URL地址的点击指令时,可以向用户展示对应的对象。The first web page may return the URL address of the object to the second web page by calling the postMessage API function described above. After receiving the URL address of the object, the second web page may display the URL address to the user. When the user receives a click command for the URL address, the corresponding object can be presented to the user.

下面结合图4,以用户上传图片至××域图片服务器为例,对本说明书给出的方案作进一步详细描述:Referring to FIG. 4, the scheme given in this specification is further described in detail by taking the user uploading the image to the xxx domain image server as an example:

需要说明的是,在执行图4所示的各步骤之前,可以先执行如下初始化操作:在外域页面进行相应的配置,以使外域页面可以监听××域页面发送的消息,如,可以将postMessage API函数中的“origin”参数设为××域页面的域名。此外,在××域页面也进行相应的配置,以使××域页面可以监听全域的页面发送的消息,如,可以将postMessage API函数中的“origin”参数设为“*”。在执行完上述初始化操作之后,就可以执行如下步骤了。It should be noted that, before performing the steps shown in FIG. 4, the following initialization operations may be performed: performing corresponding configuration on the external domain page, so that the external domain page can listen to the message sent by the×× domain page, for example, the postMessage can be The "origin" parameter in the API function is set to the domain name of the ×× domain page. In addition, the corresponding configuration is also performed on the XX domain page, so that the XX domain page can listen to the message sent by the global page. For example, the "origin" parameter in the postMessage API function can be set to "*". After performing the above initialization operation, the following steps can be performed.

步骤410,外域页面接收用户选择的图片。In step 410, the foreign domain page receives the picture selected by the user.

步骤420,外域页面使用FileReader类里的readAsDataURL方法将图片转换成base64编码的字符串。In step 420, the foreign domain page converts the image into a base64 encoded string using the readAsDataURL method in the FileReader class.

步骤430,外域页面调用postMessage API函数向××域页面发送字符串。In step 430, the foreign domain page calls the postMessage API function to send a string to the XX domain page.

步骤440,××域页面将字符串转化为图片。In step 440, the ×× domain page converts the string into a picture.

步骤450,××域页面通过AJAX post()方法向××域图片服务器上传图片。Step 450: The ×× domain page uploads a picture to the×× domain picture server by using the AJAX post() method.

步骤460,××域图片服务器向××域页面返回图片的URL地址。In step 460, the ×× domain picture server returns the URL address of the picture to the ×× domain page.

步骤470,××域页面调用postMessage API函数向外域页面发送图片的URL地址。In step 470, the ×× domain page calls the postMessage API function to send the URL address of the image to the outbound domain page.

与上述对象上传方法对应地,本说明书一个实施例还提供的一种对象上传装置,如图5所示,该装置包括:Corresponding to the above object uploading method, an object uploading device is also provided in an embodiment of the present specification. As shown in FIG. 5, the device includes:

接收单元501,用于接收第二网页页面通过调用能实现消息跨域传输的应用程序编程接口API函数发送的对象上传消息,该第一网页页面属于第一域,第二网页页面属于任一域;对象上传消息包括待跨域上传的对象。The receiving unit 501 is configured to receive an object upload message sent by the second webpage page by using an application programming interface API function that can implement cross-domain transmission of the message, where the first webpage belongs to the first domain, and the second webpage belongs to any domain. The object upload message includes objects to be uploaded across domains.

此处的对象可以包括以下任意一种:文档、图片以及音视频。The objects here can include any of the following: documents, pictures, and audio and video.

验证单元502,用于对接收单元501接收的对象上传消息进行合法性验证。The verification unit 502 is configured to perform legality verification on the object upload message received by the receiving unit 501.

上传单元503,用于在验证单元502对对象上传消息合法性验证通过后,向对应的服务器上传对象。The uploading unit 503 is configured to upload an object to the corresponding server after the verification unit 502 verifies the validity of the object upload message.

接收单元501,还用于接收服务器返回的对象的链接地址。The receiving unit 501 is further configured to receive a link address of an object returned by the server.

发送单元504,用于调用API函数向第二网页页面发送对象的链接地址。The sending unit 504 is configured to invoke an API function to send a link address of the object to the second webpage page.

可选地,该装置还可以包括:Optionally, the device may further include:

判断单元505,用于判断对象是否已被序列化。The determining unit 505 is configured to determine whether the object has been serialized.

处理单元506,用于对对象进行反序列化。The processing unit 506 is configured to deserialize the object.

上传单元503具体可以用于:向对应的服务器上传反序列化后的对象。The uploading unit 503 is specifically configured to: upload the deserialized object to the corresponding server.

本说明书上述实施例装置的各功能模块的功能,可以通过上述方法实施例的各步骤来实现,因此,本说明书一个实施例提供的装置的具体工作过程,在此不复赘述。The functions of the functional modules of the apparatus in the foregoing embodiments of the present invention can be implemented by the steps of the foregoing method embodiments. Therefore, the specific working process of the apparatus provided in one embodiment of the present specification is not described herein.

本说明书一个实施例提供的对象上传装置,接收单元501接收第二网页页面通过调 用能实现消息跨域传输的应用程序编程接口API函数发送的对象上传消息。验证单元502对对象上传消息进行合法性验证。在对对象上传消息合法性验证通过后,上传单元503向对应的服务器上传对象。接收单元501接收服务器返回的对象的链接地址。发送单元504调用API函数向第二网页页面发送对象的链接地址。由此,可以安全、可靠地实现网站之间的跨域、异步通信。In an object uploading apparatus provided by an embodiment of the present specification, the receiving unit 501 receives an object uploading message sent by the second webpage page by calling an application programming interface API function capable of realizing message cross-domain transmission. The verification unit 502 performs legality verification on the object upload message. After the validity verification of the object upload message is passed, the uploading unit 503 uploads the object to the corresponding server. The receiving unit 501 receives the link address of the object returned by the server. The sending unit 504 calls the API function to send the link address of the object to the second web page. Thereby, cross-domain and asynchronous communication between websites can be realized safely and reliably.

与上述对象上传方法对应地,本说明书一个实施例还提供的一种对象上传装置,如图6所示,该装置包括:Corresponding to the above object uploading method, an object uploading device is also provided in an embodiment of the present specification. As shown in FIG. 6, the device includes:

接收单元601,用于接收对象跨域上传请求,该对象跨域上传请求包括待跨域上传的对象;该第二网页页面属于任一域。The receiving unit 601 is configured to receive an object cross-domain upload request, where the object cross-domain upload request includes an object to be uploaded across the domain; the second web page belongs to any domain.

发送单元602,用于调用能实现消息跨域传输的应用程序接口API函数向第一网页页面发送对象上传消息,该对象上传消息用于指示第一网页页面在对所述对象上传消息合法性验证通过后将对象上传至对应的服务器,并获取对象的链接地址;该第一网页页面属于第一域。The sending unit 602 is configured to send an object uploading message to the first webpage by using an application interface API function that can implement message cross-domain transmission, where the object uploading message is used to indicate that the first webpage is in the legality verification of uploading the message to the object. After the object is uploaded to the corresponding server, and the link address of the object is obtained; the first web page belongs to the first domain.

接收单元601,还用于接收第一网页页面通过调用API函数返回的对象的链接地址。The receiving unit 601 is further configured to receive a link address of the object returned by the first webpage page by calling an API function.

本说明书上述实施例装置的各功能模块的功能,可以通过上述方法实施例的各步骤来实现,因此,本说明书一个实施例提供的装置的具体工作过程,在此不复赘述。The functions of the functional modules of the apparatus in the foregoing embodiments of the present invention can be implemented by the steps of the foregoing method embodiments. Therefore, the specific working process of the apparatus provided in one embodiment of the present specification is not described herein.

本说明书一个实施例提供的对象上传装置,可以安全、可靠地实现网站之间的跨域、异步通信。本领域技术人员应该可以意识到,在上述一个或多个示例中,本发明所描述的功能可以用硬件、软件、固件或它们的任意组合来实现。当使用软件实现时,可以将这些功能存储在计算机可读介质中或者作为计算机可读介质上的一个或多个指令或代码进行传输。The object uploading apparatus provided in one embodiment of the present specification can implement cross-domain and asynchronous communication between websites securely and reliably. Those skilled in the art will appreciate that in one or more examples described above, the functions described herein can be implemented in hardware, software, firmware, or any combination thereof. When implemented in software, the functions may be stored in a computer readable medium or transmitted as one or more instructions or code on a computer readable medium.

以上所述的具体实施方式,对本发明的目的、技术方案和有益效果进行了进一步详细说明,所应理解的是,以上所述仅为本发明的具体实施方式而已,并不用于限定本发明的保护范围,凡在本发明的技术方案的基础之上,所做的任何修改、等同替换、改进等,均应包括在本发明的保护范围之内。The specific embodiments of the present invention have been described in detail with reference to the preferred embodiments of the present invention. The scope of the protection, any modifications, equivalent substitutions, improvements, etc., which are made on the basis of the technical solutions of the present invention, are included in the scope of the present invention.

Claims (8)

一种对象上传方法,其特征在于,包括:An object uploading method, comprising: 第一网页页面接收第二网页页面通过调用能实现消息跨域传输的应用程序编程接口API函数发送的对象上传消息,所述第一网页页面属于第一域,所述第二网页页面属于任一域;所述对象上传消息包括待跨域上传的对象;The first webpage page receives the object uploading message sent by the application programming interface API function that can implement cross-domain transmission of the message, where the first webpage page belongs to the first domain, and the second webpage page belongs to any Domain; the object upload message includes an object to be uploaded across domains; 对所述对象上传消息进行合法性验证;Performing legality verification on the object uploading message; 在对所述对象上传消息合法性验证通过后,向对应的服务器上传所述对象;After the validity of the uploading of the object is verified, the object is uploaded to the corresponding server; 接收所述服务器返回的所述对象的链接地址;Receiving a link address of the object returned by the server; 调用所述API函数向所述第二网页页面发送所述对象的链接地址。The API function is called to send a link address of the object to the second web page. 根据权利要求1所述的方法,其特征在于,在所述向对应的服务器上传所述对象之前,还包括:The method according to claim 1, wherein before the uploading the object to the corresponding server, the method further comprises: 判断所述对象是否已被序列化;Determining whether the object has been serialized; 若是,则对所述对象进行反序列化;If so, deserializing the object; 所述向对应的服务器上传所述对象,包括:The uploading the object to a corresponding server includes: 向对应的服务器上传反序列化后的所述对象。The deserialized object is uploaded to the corresponding server. 根据权利要求1或2所述的方法,其特征在于,所述对象包括以下任意一种:文档、图片以及音视频。The method according to claim 1 or 2, wherein the object comprises any one of the following: a document, a picture, and an audio and video. 一种对象上传方法,其特征在于,包括:An object uploading method, comprising: 第二网页页面接收对象跨域上传请求,所述对象跨域上传请求包括待跨域上传的对象;所述第二网页页面属于任一域;The second webpage page receives an object cross-domain upload request, where the object cross-domain upload request includes an object to be cross-domain uploaded; the second webpage page belongs to any domain; 调用能实现消息跨域传输的应用程序接口API函数向第一网页页面发送对象上传消息,所述对象上传消息用于指示所述第一网页页面在对所述对象上传消息合法性验证通过后将所述对象上传至对应的服务器,并获取所述对象的链接地址;所述第一网页页面属于第一域;Sending an object uploading API message to the first webpage page by using an application interface API function that can implement message cross-domain transmission, the object uploading message is used to indicate that the first webpage page is verified after the legality verification of the object uploading message is passed Uploading the object to a corresponding server, and acquiring a link address of the object; the first webpage page belongs to the first domain; 接收所述第一网页页面通过调用所述API函数返回的所述对象的链接地址。Receiving, by the first web page, a link address of the object returned by calling the API function. 一种对象上传装置,其特征在于,包括:An object uploading device, comprising: 接收单元,用于接收第二网页页面通过调用能实现消息跨域传输的应用程序编程接口API函数发送的对象上传消息,所述第一网页页面属于第一域,所述第二网页页面属于任一域;所述对象上传消息包括待跨域上传的对象;a receiving unit, configured to receive an object upload message sent by the second webpage page by using an application programming interface API function that can implement cross-domain transmission of the message, where the first webpage belongs to the first domain, and the second webpage belongs to the first webpage a domain; the object upload message includes an object to be uploaded across domains; 验证单元,用于对所述接收单元接收的所述对象上传消息进行合法性验证;a verification unit, configured to perform legality verification on the object upload message received by the receiving unit; 上传单元,用于在所述验证单元对所述对象上传消息合法性验证通过后,向对应的 服务器上传所述对象;a uploading unit, configured to upload the object to a corresponding server after the verification unit passes the validity verification of the object upload message; 所述接收单元,还用于接收所述服务器返回的所述对象的链接地址;The receiving unit is further configured to receive a link address of the object returned by the server; 发送单元,用于调用所述API函数向所述第二网页页面发送所述对象的链接地址。And a sending unit, configured to invoke the API function to send a link address of the object to the second webpage page. 根据权利要求5所述的装置,其特征在于,还包括:The device according to claim 5, further comprising: 判断单元,用于判断所述对象是否已被序列化;a determining unit, configured to determine whether the object has been serialized; 处理单元,用于对所述对象进行反序列化;a processing unit, configured to deserialize the object; 所述上传单元具体用于:The uploading unit is specifically configured to: 向对应的服务器上传反序列化后的所述对象。The deserialized object is uploaded to the corresponding server. 根据权利要求5或6所述的装置,其特征在于,所述对象包括以下任意一种:文档、图片以及音视频。The apparatus according to claim 5 or 6, wherein the object comprises any one of the following: a document, a picture, and an audio and video. 一种对象上传装置,其特征在于,包括:An object uploading device, comprising: 接收单元,用于接收对象跨域上传请求,所述对象跨域上传请求包括待跨域上传的对象;所述第二网页页面属于任一域;a receiving unit, configured to receive an object cross-domain upload request, where the object cross-domain upload request includes an object to be uploaded across domains; the second web page belongs to any domain; 发送单元,用于调用能实现消息跨域传输的应用程序接口API函数向第一网页页面发送对象上传消息,所述对象上传消息用于指示所述第一网页页面在对所述对象上传消息合法性验证通过后将所述对象上传至对应的服务器,并获取所述对象的链接地址;所述第一网页页面属于第一域;a sending unit, configured to send an application interface API function that can implement message cross-domain transmission, to send an object upload message to the first webpage, where the object uploading message is used to indicate that the first webpage page is legally uploaded to the object After the verification is passed, the object is uploaded to the corresponding server, and the link address of the object is obtained; the first webpage page belongs to the first domain; 所述接收单元,还用于接收所述第一网页页面通过调用所述API函数返回的所述对象的链接地址。The receiving unit is further configured to receive a link address of the object returned by the first webpage page by calling the API function.
PCT/CN2018/112448 2017-12-19 2018-10-29 Object uploading method and device Ceased WO2019119974A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201711370494.2 2017-12-19
CN201711370494.2A CN108200126A (en) 2017-12-19 2017-12-19 Object method for uploading and device

Publications (1)

Publication Number Publication Date
WO2019119974A1 true WO2019119974A1 (en) 2019-06-27

Family

ID=62574723

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/112448 Ceased WO2019119974A1 (en) 2017-12-19 2018-10-29 Object uploading method and device

Country Status (3)

Country Link
CN (1) CN108200126A (en)
TW (1) TWI713342B (en)
WO (1) WO2019119974A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110633443A (en) * 2019-08-30 2019-12-31 腾讯科技(深圳)有限公司 Method, device, equipment and medium for in-page data communication

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108200126A (en) * 2017-12-19 2018-06-22 阿里巴巴集团控股有限公司 Object method for uploading and device
CN114003412A (en) * 2021-12-27 2022-02-01 支付宝(杭州)信息技术有限公司 Method and device for communicating small program and host program

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090328063A1 (en) * 2008-06-27 2009-12-31 Microsoft Corporation Inter-frame messaging between different domains
CN103207863A (en) * 2012-01-13 2013-07-17 腾讯科技(深圳)有限公司 Page cross-domain interacting method and terminal
CN104572263A (en) * 2014-12-30 2015-04-29 腾讯科技(深圳)有限公司 Page data interaction method, related device and system
CN108200126A (en) * 2017-12-19 2018-06-22 阿里巴巴集团控股有限公司 Object method for uploading and device

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI497311B (en) * 2013-03-28 2015-08-21 Quanta Comp Inc Inter-device communication transmission system and method thereof
CN104301379A (en) * 2014-08-28 2015-01-21 北京奇虎科技有限公司 A webpage cross-domain communication method and device
US9992352B2 (en) * 2014-11-01 2018-06-05 Somos, Inc. Toll-free telecommunications and data management platform
CN106953925A (en) * 2017-03-30 2017-07-14 福建中金在线信息科技有限公司 A kind of image data method for uploading and system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090328063A1 (en) * 2008-06-27 2009-12-31 Microsoft Corporation Inter-frame messaging between different domains
CN103207863A (en) * 2012-01-13 2013-07-17 腾讯科技(深圳)有限公司 Page cross-domain interacting method and terminal
CN104572263A (en) * 2014-12-30 2015-04-29 腾讯科技(深圳)有限公司 Page data interaction method, related device and system
CN108200126A (en) * 2017-12-19 2018-06-22 阿里巴巴集团控股有限公司 Object method for uploading and device

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110633443A (en) * 2019-08-30 2019-12-31 腾讯科技(深圳)有限公司 Method, device, equipment and medium for in-page data communication
CN110633443B (en) * 2019-08-30 2023-08-08 腾讯科技(深圳)有限公司 Method, device, equipment and medium for intra-page data communication

Also Published As

Publication number Publication date
TWI713342B (en) 2020-12-11
CN108200126A (en) 2018-06-22
TW201929507A (en) 2019-07-16

Similar Documents

Publication Publication Date Title
US12367082B2 (en) Dynamically integrating a client application with third-party services
US9424551B2 (en) Secure inter-module communication mechanism
US10402066B2 (en) Information processing terminal and control method
TWI787213B (en) Data acquisition method, system and device
US10291722B1 (en) Method and apparatus for implementing co-browsing between domains
US9684628B2 (en) Mechanism for inserting trustworthy parameters into AJAX via server-side proxy
CN107463453B (en) Method, device, equipment and storage medium for communication between different applications of same terminal
US7984170B1 (en) Cross-domain communication in domain-restricted communication environments
KR20110100622A (en) Technology that automatically syndicates content over the network
EP3136656B1 (en) Information sharing method and device
CN108416021B (en) Browser webpage content processing method and device, electronic equipment and readable medium
CN104468592A (en) Login method and system
CN112261111A (en) Method and system for realizing cross-domain access of browser in application program
CN112468611B (en) Application program starting method, terminal device and computer storage medium
WO2019119974A1 (en) Object uploading method and device
CN107239308A (en) Method and system for implementing browser calling function
WO2019062114A1 (en) Message processing method, electronic device and readable storage medium
CN102662838B (en) The adjustment method of Flash and system in a kind of browser
CN104486397A (en) Method for carrying out data transmission in browser, client and mobile terminal
CN105871976A (en) Data cross-domain request method and system, and devices
CN112015383B (en) A login method and device
KR20110118000A (en) Interworking device of web browser and local resource in mobile terminal and method
CN112997173B (en) Method and apparatus for accessing proprietary resources in a co-browsing session
AU2018390863B2 (en) Computer system and method for extracting dynamic content from websites
CN114640718A (en) Data processing method and device based on data processing system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18890816

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18890816

Country of ref document: EP

Kind code of ref document: A1