Email conversation
| From | Jan Vandorpe |
|---|
| To | Me |
|---|
| Subject | XML import script |
|---|
| Date | 29 November 2005 11:34 |
|---|
Hello Tarquin,
I've reading through your sofisticated XMLImport script. I have been making
some XMLload scripts of my own but I always end up with the same problem:
security in FireFox/Mozilla that will refuse to load an RSS feed from an
extranal site.
Looking through your script - that apparently has no problem with that - I
fail to see how you get around that problem. The more since you actually
mention in your documentation "There are two restrictions. Firstly, the XML
file must be in the same domain as the page that calls it...."
The RSS feeds are not in your domain, no? so what is it that I overlook?
I've been trying using
"netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
" but to no avail
Can you enlighten me? Thanks a lot
Jan Vandorpe
| From | Me |
|---|
| To | Jan Vandorpe |
|---|
| Subject | Re: XML import script |
|---|
| Date | 29 November 2005 16:16 |
|---|
Jan,
> security in FireFox/Mozilla that will refuse to load an RSS feed from an
> extranal site.
yep. exactly how it should work. otherwise you would end up being able to
request pages off someone else's bank site, etc, with their own cookes and
authentication, and this would have potentially very serious security
implications.
> Looking through your script - that apparently has no problem with that
My script bypasses the problem by using a server side proxy script. they
request this:
http://my-site.com/myscript.php?http://the-page-they-wanted/the-feed.xml
My server side script then loads the desired feed, and passes it back to the
browser. The browser sees that it came from my site, so it allows it. If you
download the zip package from my site, you can see how it works, and use it
on your own site (subject to the usual terms and conditions, etc):
http://www.howtocreate.co.uk/tutorials/jsexamples/rss.html
> "netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
A simple bit of advice; never rely on a browser-specific extension like
this. Opera, Safari, Konqueror, iCab, and many, many other browsers do not
provide this extension, for security reasons (users have a habit of clicking
"yes" without actually looking at what they clicked). Your script will not
work in them, so many people (myself included) would not be able to use your
script.
Mark 'Tarquin' Wilton-Jones - author of http://www.howtocreate.co.uk/