tags:

views:

598

answers:

5
+2  Q: 

parse xml in an iframe

Hi, I want to be able access an rss feed from js. I have the ability to configure both servers to use the same domain (but different subdomains - eg static.benanderson.us and tech.benanderson.us). I was hoping I could use the document.domain property to get around the xss issue. Here's a snippet http://static.benanderson.us/example.js (not actually live):

document.domain = 'benanderson.us';
new Ajax.Request('http://tech.benanderson.us/feeds/posts/default', { \\error

However, that doesn't work. I couldn't find out if document.domain works for xhr requests, so I bagged that and switched to an iframe solution because I've done something similar in the past.

$('my_iframe').src='http://tech.benanderson.us/feeds/posts/default';
Event.observe($('my_iframe'), 'load', function() {
  try {
    log(this.contentDocument);  //this displays just fine
    var entries = this.contentDocument.getElementsByTagName('entry');  //error

The weird thing is that I can view this.contentDocument in firebug, however it's the getElementsByTagName that errors with a "permission denied..." message.

Any thoughts on how to get either of these solutions to work would be awesome. I know I could do a proxy - that's not what I'm interested in.

Thanks, Ben

A: 

You cant do that, it is not allowed by same origin policy

You can only set document.domain to the superdomain of the current domain, you do that but the same origin policy has to match the whole domain name that it is allowed (tech.benanderson.us != benanderson.us)

arjan  2009-10-04 12:42:11
can't do what specifically?In the iframe example, it works if the iframe contains html. a document can access (via js) html in its inner iframe even if subdomains are different (using document.domain).
andersonbd1  2009-10-04 13:20:56
in which browser? it should not work (and does not in ff and opera)
arjan  2009-10-04 13:44:22
any browser. people do it all the time (I just tried it and it works). I think I may have found the issue. You have to set document.domain explicitly in both the containing page AND the inner iframe. Since this is done in javascript, I fear I may be out of luck if I'm returning xml.
andersonbd1  2009-10-04 17:39:14
of course it works if you set both, I was talking about your use case
arjan  2009-10-04 18:02:38
+2  A: 

This doesn't speak to the JS technicalities at all, but as a workaround, you could set up a server-side script on the same subdomain that just fetches what you need from the other subdomain.

Kev  2009-10-06 18:25:09
+1. @andersonbd1 Is there a reason you can't use a server-side proxy on static.benanderson.us to retrieve the feed?
brianpeiris  2009-10-07 07:46:50
yes, I can only use static html, js, and css. I can't use scripts. I clearly stated this in the question.
andersonbd1  2009-10-09 17:24:52
I see the part about the proxy now, but a fetch script is not exactly the same thing. Anyway, my bad.
Kev  2009-10-09 19:52:08
A: 

The problem is that document.domain needs to be set to benanderson.us both on the page loading the iframe and the page in the iframe. That gets a bit stupid in this case since you can't just put javascript into a rss feed, so you'll probably have to make some kind of gateway page on the same subdomain to load that page in a frame for you. Here's a lazy example of that:

<html>
<frameset onload="document.domain='benanderson.us';window.frames['content_frame'].location=location.href.split('?request=')[1]">
<frame name=content_frame onload="window.frames['content_frame'].document.domain='benanderson.us'">
</frameset>
</html>

So, assuming we call this "gateway.html" and you put this someplace inside the tech.benanderson.us subdomain, you would go "gateway.html?request=http://tech.benanderson.us/feeds/posts/default" So, in this case, you would have to reference it through window.frames["my_frame"].window.frames["content_frame"] and you should get it.

NOTE: I haven't tested this code.

Coding With Style  2009-10-06 19:04:20
I clearly stated I didn't want a proxy solution.
andersonbd1  2009-10-09 17:26:36
...This constitutes a proxy solution?
Coding With Style  2009-10-13 22:55:12
CWS - I misread your solution. Totally my bad. Let me know how I can make it up. I haven't logged in to SO in a while, so it might be too late to rectify. Perhaps I can just snoop for your answers and vote them up. Again - my apologies.
andersonbd1  2009-10-14 20:57:51
Haha, don't worry about it. It's fine. ;) It's just points anyhow. All I wanted was some clarification on it. Thanks.
Coding With Style  2009-10-15 06:14:32
A: 

Following is an actually working code, parseXML is my wrapper around DOMXML, therefore, instead of that you can use window.frames["internal"].document as XML object. This works in Firefox and Opera. "this" does not work because "this" is iFrame "Element" not a frame. Sorry about language, but you will get the idea. 

 document.getElementById("internal").onload=function() {
  //wrap xml for easy usage
  var ret=parseXML(window.frames["internal"].document);

  //show what happened
  showResult(ret, [
    new DataPair("başlık", "Eklenti Ekle"),
    new DataPair("nesne" , "Eklenti")
  ]);

  //no error
  if(ret.findNodeValue("error")=="no") {
   //close
   eklentiEkleKapat();
   //Protection from refresh
   document.getElementById("internal").onload=function() {}
   window.frames["internal"].location.href="about:blank";
   //activate attachments tab
   tab_eklentiler.activate(true);
  }
 }


 //I actually use a form to post here
 document.getElementById("internal").location.href="target.php";
Cem Kalyoncu  2009-10-09 07:36:57
A: 

apparently there is no way to do exactly this. Howver, I was able to come up with a decent solution. The rss xml is coming from blogger (tech.benanderson.us). So I added a javascript function there that could make the xhr to the rss. Then this javascript sets it's document.domain to benanderson.us and makes a callback. To sum up:

http://static.benanderson.us/example.js:

Event.observe(window, 'load', function() {
  document.domain = 'benanderson.us';
  $('my_iframe').src='http://tech.benanderson.us/2001/01/js.html';
});
function renderFeed(feedXml) {
  ...

http://tech.benanderson.us/2001/01/js.html:

var url = 'http://tech.benanderson.us/feeds/posts/default';
new Ajax.Request(url, {
  method: 'get',
  onSuccess: function(response) {
    document.domain = 'benanderson.us';
    top.renderFeed(response.responseXML);
  }
});
andersonbd1  2009-10-09 17:43:03
I'm a tad annoyed now. How is this any different from my solution?
Coding With Style  2009-10-13 23:00:13

related questions

What JavaScript patterns do you use most?
Javascript events
What style do you use for creating an "class" in JavaScript?
Graphing JavaScript Library
What's the difference in closure style
Getting the text from a drop-down box
How to specify javascript to run when ModalPopupExtender is shown
Length of Javascript Associative Array
How Do I Post and then redirect to an external URL from ASP.Net?
How to set up a CSS switcher in ASP.NET
Wrapping lists into columns
Javascript keyboard events primer? (or rather: help me with my custom dropdown)
Http Auth in a Firefox 3 bookmarklet
Best Debugging Tools for JavaScript/xulrunner Development
How can I turn a string of HTML into a DOM object in a Firefox extension?
Call ASP.NET Function From Javascript?
Javascript troubleshooting tools in IE
MAC addresses in JavaScript
Capturing TAB key in text box
CSS Background Color in Javascript
How can I make the browser see CSS and Javascript changes?
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP .Net Custom Client-Side Validation
What JavaScript library would you choose for a new project and why?
Detecting font in JavaScript