views:

795

answers:

2

I am trying to write a web widget which will allow users to display customized information (from my website) in their own web page. The mechanism I want to use (for creating the web widget) is javascript.

So basically, I want to be able to write some javascript code like this (this is what the end user copies into their HTML page, to get my widget displayed in their page)

<script type="text/javascript">
/* javascript here to fetch page from remote url and insert into DOM */
</script>

I have two questions:

  1. how do I write a javascript code to fetch the page from the remote url? Ideally this will be PLAIN javascript (i.e. not using jQuery etc - since I dont want to force the user to get third party scripts jQuery which may conflict with other scripts on their page etc)

  2. The page I am fetching contains inline javascript, which gets executed in an body.onLoad event, as well as other functions which are used in response to user actions - my questions are:

i). will the body.onLoad event be triggered for the retrieved document?. ii). If the retrieved page is dumped directly into the DOM, then the document will contain two <body> sections, which is no longer valid (X)HTML - however, I need the body.onLoad event to be triggered for the page to be setup correctly, and I also need the other functions in the retrieved page, for the retrieved page to be able to respond to the user interaction.

Any suggestions/tips on how I can solve these problems?

+1  A: 

There are two approaches to this.

  1. The host site uses an <iframe> tag to include your page in a fixed-size box inside their page. It operates in its own document with its own <body> and onload event; it is in your site's security context so it can use AJAX to call back to your server if it needs to for some reason.

    This is easy; the guest page doesn't even especially need to know it is being included in an iframe.

  2. The host site uses <script src="http://your-site/thing.js"&gt;&lt;/script&gt; to run a script from your server. Your script creates a load of content directly inside the host document using document.write() or DOM methods. Either way you know when you've finished putting them in place so you don't need onload.

    You are running in the host's security context, so you can't AJAX to your server or look at your server's cookies directly; any such data must be served as part of the script. (You can look at the host server's cookies and cross-site-script into any of their pages, and conversely if there is any sensitive data in your script the host site gets to see it too. So there is an implicit trust relationship any time one site takes scripting content from another.)

bobince
Thanks bobince, this is what I was looking for. I hink I will go for the iframe approach (even thought it is deprectaed in later versions of HTLM etc)
scoobydoo
iframe is in HTML Transitional but it is not deprecated and not going away (in eg. HTML5). It's more ‘frameset’ that's considered a bad thing.
bobince
Thanks for the clarification! (gives me more confidence to go with <iframe>
scoobydoo
A: 

Hi,

you can see working code at this blog .

http://checkscript.blogspot.com/2010/05/learn-how-to-show-dynamic-content-on.html

Poonam