I'm doing an XSS report for my university, and I'm doing some tests with calling external webpages using AJAX.
The code I'm using for this example is very simple, and one of my target case-studies is to be able to call an outside web-page via AJAX with cross site disabled.
Note:
I only plan to use this on FireFox, and I am not concerned about IE compatibility.
<script>
var xmlhttp=new XMLHttpRequest();
xmlhttp.onreadystatechange=function(){
if(xmlhttp.readyState==4)
{
alert(xmlhttp.responseText);
}
}
xmlhttp.open("GET","http://example.com",true);
xmlhttp.send(null);
</script>
Now the problem here is that *uncaught exception: Access to restricted URI denied (NS_ERROR_DOM_BAD_URI)* is thrown. I've been searching around and the best piece of information I found to bypass this was using jquery with json, but that doesn't suit me, and another example was this one (in french)
Is there any piece of information you can share with me in order to solve this problem? or is it just unsolvable due to the same origin policy?
Edit:
If anyone know, how does google post the values through google analytics? Or this problem only happens for get and not for post? Some help would be nice.