tags:

views:

362

answers:

3
Q: 

Can a XML-RPC request be made from an html form?

I'm playing with a new service's very simple API and I'm just curious if its possible to send an xml-rpc request directly from an html form. The api request example is this:

<?xml version="1.0"?>
<methodCall>
<methodName>send</methodName>
    <params>
        <param><value><string>YOUR_API_KEY</string></value></param>
        <param><value><string>[email protected]</string></value></param>
        <param><value><string>5551231234</string></value></param>
        <param><value><string>Test Message from PENNY SMS</string></value></param>
    </params>
</methodCall>

And my current form iteration is this:

    <form method="POST" enctype="text/xml" action="http://api.pennysms.com/xmlrpc"&gt;

            <input type="hidden" name="api_key" value="MYAPIKEY"/>

            <label for="from">From</label>
            <input type="input" name="from" value=""/>

            <label for="phone">Phone</label>
            <input type="input" name="phone" value=""/>

            <label for="text">Text message</label>
            <input type="input" name="text" value="">

            <input type="submit" value="Send"/>

    </form>
+1  A: 

Not without involving either Javascript or server code. The "enc-type" attribute specifies the format that the form data is sent to the server in, and unfortunately "xml-rpc" isn't in the list of accepted formats :)

Ryan Brunner  2009-04-23 18:11:39
So I'm also guessing that since this would be cross-domain, using XHR isn't gonna work. Back to server side!
Geuis  2009-04-23 18:14:00
You mean the "enctype" attribute, right?
Patrick McElhaney  2009-04-23 18:14:24
@Patrick: Whoops, you're right.
Ryan Brunner  2009-04-23 18:20:52
+1  A: 

No, this is not possible from plain HTML. The only standard encodings for submitting form data are application/x-www-form-urlencoded and multipart/form-data.

You can do this from JavaScript using an XMLHTTPRequest, though only to APIs on the same domain that the HTML came from. After a quick Google search, I found this AJAX XML-RPC client, though I've never used it so I can't vouch for it.

Brian Campbell  2009-04-23 18:12:55
A: 

That might depend if the server is actually enforcing the enctype

For example using the technique shown here http://pentestmonkey.net/blog/csrf-xml-post-request you can do cross-site posts of XML POST data.

Dinis Cruz  2010-07-20 15:28:45

related questions

Autosizing Textarea
Regular expression for parsing links from a webpage?
What are good tools for creating compiled HTML help files (.chm)?
Looking for WYSIWYG HTML editor
Any reason not to start using the HTML 5 doctype?
HTML comments break down
HTML Comments Markup
Setting a div's height in HTML with CSS
Wrapping lists into columns
Is a "Confirm Email" input good practice when user changes email address?
<XMP> Tag
HTML version choice
Options for HTML scraping?
How do you disable browser Autocomplete on web form field / input tag?
How do I make a checkbox toggle from clicking on the text label as well?
Html CSS Editor
Wordpress theme development offline tools
How do I give my web sites an icon for iPhone?
In HTML, how to word-break on a dash?
Detecting font in JavaScript
How do you test layout design across multiple browsers/OSs?
How do I print an HTML document from a web service?
Multiple submit buttons on a HTML form
How can I determine a web user's time zone?
Why doesn't the percentage width child in absolutely positioned parent work in IE7?