I have plans to apply AJAX to our library catalog but I’m running into a problem where I can’t do XMLHttpRequest events to servers other than the one I loaded the main webpage from. Mozilla calls it the “same origin policy,” everyone else calls it a cross-domain script exclusion, or something like that.
Some Mozilla folks are working on a standard to address the problem, but it could be quite a while before browser support is common enough to build for it.
So Plan A was to use simple AJAX with XMLHTTPRequest. Plan B comes from this crazy suggestion at Apple’s developer site: Remote Scripting with IFRAME. It looks like different functions are subject to different restrictions, so the theory is that a JavaSctript loaded in a page in a hidden IFRAME can call functions from the parent page and do pretty much everything we’ve come to expect of XMLHTTPRequest. Here’s an example they offer.
Crazy as it is it works, and it gets around some cross-domain script exclusions for some browsers, but it still gets trapped by Mozilla.
tags: ajax, apple, browser security, browsers, cross domain, cross domain script exclusion, frustration, iframe, javascript, mozilla, remote scripting, web application, web applications, xdomain, xmlhttprequest
Posted September 19, 2005 by Casey Bisson
Categories: Libraries & Networked Information, Technology. Tags: ajax, apple, browser security, browsers, cross domain, cross domain script exclusion, frustration, iframe, javascript, mozilla, remote scripting, web application, web applications, xdomain, xmlhttprequest.
5 Comments
Comments RSS
TrackBack Identifier URI
User contributed tags for this post:
cross domain iframe (410) - iframe cross domain (371) - xmlhttprequest cross domain (206) - javascript cross domain scripting (195) - ajax cross domain (184) - iframe domain (157) - iframe cross domain script (124) - cross domain scripting iframe (121) - iFrame cross site (121) - xmlhttprequest cross site (120) - allow cross site scripting (113) - cross domain ajax (102) - iframe cross domain scripting (95) - cross domain ajax iframe (94) - enable cross site scripting (88) - cross domain xmlhttprequest (83) - XMLHttpRequest subdomain iframe (78) - remote scripting iframe (74) - ajax cross domain iframe (71) - cross site iframe (71) - cross domain javascript (69) - jquery iframe (61) - Cross domain iframes (59) - crossdomain javascript (58) - firefox cross domain scripting (56) - firefox enable cross site scripting (56) - Cross Domain Javascript iframe (55) - cross domain scripting javascript (55) - ajax Iframe (55) - allow cross domain scripting (54) - javascript cross domain (51) - iframe xss (50) - cross domain iframe scripting (50) - javascript cross domain iframe (50) - enable cross domain scripting (50) - jquery iframe cross domain (50) - iframe crossdomain (48) - javascript iframe cross domain (46) - REMOTE SCRIPTING WITH IFRAME (46) - cross domain scripting (44) - remote scripting firefox (41) - javascript iframe (39) - iframes cross domain (37) - IFrame remote scripting (37) - javascript crossdomain (35) - scripting iframes (34) - cross domain iframe javascript (34) - iframe cross site scripting (32) - firefox allow cross site scripting (31) - XMLHTTPRequest crossdomain (30) - ajax iframe cross domain (30) - iframe remote (29) - enable cross site scripting firefox (28) - iframe cross scripting (27) - javascript iframe domain (27) - remote script iframe (27) - cross site ajax iframe (27) - iframe ajax cross domain (26) - cross domain remote scripting (26) - how to enable cross site scripting (26) - javascript iframe firefox (26) - firefox enable cross domain scripting (26) - XMLHttpRequest bookmarklet (25) - ajax cross site scripting (25) - cross site scripting xmlhttprequest (25) - iframe google maps crossite (24) - jquery cross domain iframe (24) - ajax cross site (23) - cross site javascript iframe (23) - ajax crossdomain (22) - javascript iframe cross site (22) - cross domain scripting firefox (22) - how to allow cross site scripting (22) - cross site xmlhttprequest (21) - cross domain IFrame ajax (21) - iframe cross domain ajax (21) - allowing cross site scripting (21) - iframe JavaScript restrictions (20) - XMLHttpRequest cross site scripting (19) - jquery iframe parent (19) - cross-domain IFRAME (19) - remote scripting cross domain (18) - iframe cross domain javascript (18) - xmlhttprequest cross (18) - iframe javascript cross domain (18) - enable iframes in firefox (18) - remote iframe (18) - crossdomain scripting (18) - iframe sandbox (18) - cross site scripting iframe (17) - iframes cross site (17) - cross site scripting allow (17) - remote (16) - xmlhttprequest firefox (16) - enable cross domain scripting firefox (16) - cross domain ajax google maps (16) - remote scripting iframes (16) - allow cross-site scripting (16) - crossdomain iframe (15) - iframe remote script (15) - google maps cross domain (15) - Firefox remote scripting (15) - javascript iframes firefox (15) - IFRAME cross domain xmlhttprequest (15) - cross domain hack (15) - xss iframe (15) - javascript iframe scripting (14) - javascript iframe remote (14) - cross site scripting enable (14) - cross iframe scripting (13) - iframe javascript (13) - Firefox iframe javascript (13) - firefox iframe cross domain (13) - firefox cross frame scripting (13) - javascript iframe Remote Scripting (13) - scripting iframe (12) - ajax cross (12) - iframes (12) - cross domain ajax mozilla (12) - cross domain firefox (12) - iframe firefox (12) - firefox enable cross domain (12) - cross domain iframe jquery (12) - remote scripting (11) - scripting firefox (11) - iframe javascript domain (11) - firefox cross site scripting enable (11) - enable cross site scripting in firefox (11) - iframe cross domain security (11) - firefox enable remote scripting (11) - enable cross domain firefox (11) - F (11) - jquery iframe xss (11) - iframe cross-site (11) - iframe cross-domain (11) - remote scripting iframe javascript (10) - google xmlhttprequest cross domain (10) - AJAX IFrames cross domain (10) - ajax same origin (10) - javascript iframes (10) - AJAX iframes (10) - cross domain javascript frame (10) - xmlhttprequest different domain (10) - firefox disable cross site scripting (10) - enabling cross site scripting (10) - crossdomain javascript iframe (10) - jquery iframe cross-domain (10) - firefox iframe security (10) - iframes remote scripting (9) - hidden iframe remote scripting (9) -
[...] [2]Ă‚Â Plan B: Remote Scripting With IFRAMEs [...]
Single pure javascript to extract information from a webpage at different domain is impossible!…
I tried to load some webpages via an iframe. I can load a arbitrary webpage into an iframe, but I can’t access any information from this iframe for security issues. Cross-domain information exchange seems to be impossible, if I don’t have s…
[...] » Plan B: Remote Scripting With IFRAMEs So Plan A was to use simple AJAX with XMLHTTPRequest. Plan B comes from this crazy suggestion at Apple’s developer site: Remote Scripting with IFRAME. It looks like different functions are subject to different restrictions, so the theory is that a JavaS (tags: maisonbisson.com 2007 cross_domain ajax) [...]
Any success in this arena? We’re implementing a proxy for our own work, but wish to offer JavaScript libraries for others to access our utilities.
I am also in a similar predicament – and I don’t know a good solution either…