Cross Domain Scripting and Security 1

[jammer1221]

Hey all,

I am getting an "Access Denied" error message in my javascript. And I'm realizing that this is because of cross domain security.


I am importing some XML data (from a blog), and creating a kind of RSS feed. (I'm new to the whole XML and RSS stuff, so bare with me).

I am wondering, if theres any way (client-side), to save the XML file to place on my server, and then use it. Or anything like that.

Would it be possible to load the data into a hidden div, and then use it?

Any ideas would be great!

Thanks for the help,
Matt

 

[BabyJeffy]

No. Just because a div is hidden doesn't stop it from being managed by the browser security measures . You should look at achieving this server-side (maybe just use a simple server-side proxy script)... that way you can get rid of the problem entirely.

Cheers,
Jeff

[tt]Jeff's Page @ Code Couch

http://www.codecouch.com/jeff/blog/

http://www.coedit.co.uk/

[/tt]

What is Javascript? FAQ216-6094

 

[BillyRayPreachersSon]

You maybe could use AJAX client-side, but to be honest, I've never tested that for cross-domain issues. Using server-side scraping would be by far your best bet.

Hope this helps,
Dan



Coedit Limited - Delivering standards compliant, accessible web solutions

[tt]Dan's Page [blue]@[/blue] Code Couch

http://www.codecouch.com/dan/

[/tt]

 

[BabyJeffy]

You maybe could use AJAX client-side, but to be honest, I've never tested that for cross-domain issues.

Not possible... they are governed by the same browser rules.

Cheers,
Jeff

[tt]Jeff's Page @ Code Couch

http://www.codecouch.com/jeff/blog/

http://www.coedit.co.uk/

[/tt]

What is Javascript? FAQ216-6094

 

[jammer1221]

Jeff: I realized this after I posted, but thank you. I was meaning to load all of the data into this DIV and then use it. Because from what I've read is that you can't use the DOM on info from another place. So I thought since I put all the data into my own DIV it might work. But you are still right because you still can not get the data.

Dan: I tried using ajax to get the data and just post it to a div, just to see if it would work.

This is the code I was using for it

var url = "[URL unfurl="true"]http://matts-test-blog.blogspot.com/rss.xml";[/URL] // The server-side script
function handleHttpResponse() {
  if (http.readyState == 4) {
    if (http.responseText.indexOf('invalid') == -1) {
      // Split the comma delimited response into an array
      results = http.responseText.split(",");
document.getElementById("XMLContent").value=results
      isWorking = false;
    }
  }
}
var isWorking = false;
function sendData() {
  if (!isWorking && http) {

    http.open("GET", url, true);
    http.onreadystatechange = handleHttpResponse;
    isWorking = true;
    http.send(null);
  }
}
function getHTTPObject() {
  var xmlhttp;
  /*@cc_on
  @if (@_jscript_version >= 5)
    try {
      xmlhttp = new ActiveXObject("Msxml2.XMLHTTP");
    } catch (e) {
      try {
        xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
      } catch (E) {
        xmlhttp = false;
      }
    }
  @else
  xmlhttp = false;
  @end @*/
  if (!xmlhttp && typeof XMLHttpRequest != 'undefined') {
    try {
      xmlhttp = new XMLHttpRequest();
    } catch (e) {
      xmlhttp = false;
    }
  }
  return xmlhttp;
}
var http = getHTTPObject(); // We create the HTTP Object

All I did was call the function sendData(), and it would post back to a DIV...I assume that previous code is what your talking about...Either way it didn't work. Do you have any suggestions to the code, or is that what you would do?

Also, one weird thing I noticed is that I can get the data (the XML file) on my own server (localhost). But once I post the testing files to my server, thats when it breaks and gives me the Permission denied error. Any reasons why that you guys can think of?

Thanks for the help,
Matt

 

[jammer1221]

..Its looking like I can't do anything client-side. If I were to go server side. Would I just save the file to my domain, and then use the same javascript that I have, only point it to the local version of the file?

 

[jammer1221]

P.S. the script I'm referring to isn't the code I posted above.

 

[BabyJeffy]

Yes... you would use the same code to access it from your local domain (it's the fact that you are on the same domain that allows it to happen). I have used snoopy.php to proxy pages like this in the past.

Cheers,
Jeff

[tt]Jeff's Page @ Code Couch

http://www.codecouch.com/jeff/blog/

http://www.coedit.co.uk/

[/tt]

What is Javascript? FAQ216-6094

 

[jammer1221]

Yes... you would use the same code to access it from your local domain (it's the fact that you are on the same domain that allows it to happen).
[/quote

..I don't follow you. Are you referring to me being able to recieve the XML file when I'm testing locally, but getting the error when I load the same code to my server.

I have used snoopy.php to proxy pages like this in the past.

I looked snoopy.php on google, and if we're talking about the same thing (On sourceforge), it looks very interesting. I'll definitely check it out.

 

[BabyJeffy]

Yes... it's the same thing... I've been using it for some simple proxy work for local development (when I'm not on the same domain as the data I want to access). It's not a problem when I'm on site... but when I want to work from remote locations it's a great work-around.

Cheers,
Jeff

[tt]Jeff's Page @ Code Couch

http://www.codecouch.com/jeff/blog/

http://www.coedit.co.uk/

[/tt]

What is Javascript? FAQ216-6094

 

[jammer1221]

Thanks Jeff for all the help, it is much appreciated.