
Re: [ProgSoc] Cross site scripting



On Thu, 2007-08-23 at 12:18 +1000, John Elliot wrote:
> I'm trying to test a web app that I've got under development, and I
> need to load data from a public web server client-side from a site
> hosted on a testing server.

If your consumer is on http://test.example.org then to make things
really easy, host the data on http://example.org and set your domain in
JavaScript using:

	document.domain = "example.org";

After this is done, you won't be able to make requests to
http://test.example.org anymore, but that's quite often acceptable.

If that's not an option, you'll need to do this:

	// "<\/script>" is escaped so an inline script block is not closed early
	document.write("<script type=\"text/javascript\" " +
		"src=\"http://data.example.org/data.js\"><\/script>");

The "data.js" script can define functions which will be able to make
XMLHttpRequests to http://data.example.org, or just provide you with the
data you need.


Cheers,

--
Nathan de Vries
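
Added example, not part of the original message: a simplified JavaScript model of the check a browser applies once pages set document.domain, run against the hosts named above. The function names, the URL paths, the blog.example.org sibling and the PUBLIC_SUFFIXES set are assumptions made for the illustration.

```javascript
// Added illustration: a simplified model of the browser's "same origin-domain" check.
// PUBLIC_SUFFIXES is a constructed stand-in for the real Public Suffix List.
const PUBLIC_SUFFIXES = new Set(["org", "com", "net"]);

// Split a URL into the parts the same-origin policy compares.
function parseOrigin(url) {
  const u = new URL(url);
  const port = u.port || (u.protocol === "https:" ? "443" : "80");
  return { scheme: u.protocol, host: u.hostname, port, domain: null };
}

// Model of `document.domain = value`: only the current host or a parent
// suffix of it is accepted, and never a bare public suffix.
function setDomain(origin, value) {
  const isSuffix = origin.host === value || origin.host.endsWith("." + value);
  if (!isSuffix || PUBLIC_SUFFIXES.has(value)) {
    throw new Error("SecurityError: cannot set document.domain to " + value);
  }
  return { ...origin, domain: value };
}

// Two documents match if neither set document.domain and scheme, host and
// port agree, or if both set it to the same value (port is then ignored).
function sameOriginDomain(a, b) {
  if (a.scheme !== b.scheme) return false;
  if (a.domain !== null || b.domain !== null) return a.domain === b.domain;
  return a.host === b.host && a.port === b.port;
}

// Hosts from the message above (paths constructed), plus a hypothetical sibling.
const consumer = parseOrigin("http://test.example.org/app.html");
const data = parseOrigin("http://example.org/data.html");
const sibling = parseOrigin("http://blog.example.org/");

const relaxedConsumer = setDomain(consumer, "example.org");
const relaxedData = setDomain(data, "example.org");
const relaxedSibling = setDomain(sibling, "example.org");

console.log(sameOriginDomain(consumer, data));                  // false
console.log(sameOriginDomain(relaxedConsumer, relaxedData));    // true
console.log(sameOriginDomain(relaxedConsumer, consumer));       // false
console.log(sameOriginDomain(relaxedConsumer, relaxedSibling)); // true
```

The last line is the one to check before relaxing: every host under example.org that sets the same value is treated as the same origin as the consumer page, not only the data host.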
