Jan Vandorpe

Navigation

Skip navigation.

Search

Site navigation

Email conversation

FromJan Vandorpe
ToMe
SubjectXML import script
Date29 November 2005 11:34
Hello Tarquin,

I've reading through your sofisticated XMLImport script. I have been making
some XMLload scripts of my own but I always end up with the same problem:
security in FireFox/Mozilla that will refuse to load an RSS feed from an
extranal site.

Looking through your script - that apparently has no problem with that -  I
fail to see how you get around that problem. The more since you actually
mention in your documentation "There are two restrictions. Firstly, the XML
file must be in the same domain as the page that calls it...."

The RSS feeds are not in your domain, no? so what is it that I overlook?

I've been trying using
"netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
" but to no avail

Can you enlighten me? Thanks a lot

Jan Vandorpe
FromMe
ToJan Vandorpe
SubjectRe: XML import script
Date29 November 2005 16:16
Jan,

> security in FireFox/Mozilla that will refuse to load an RSS feed from an
> extranal site.

yep. exactly how it should work. otherwise you would end up being able to
request pages off someone else's bank site, etc, with their own cookes and
authentication, and this would have potentially very serious security
implications.

> Looking through your script - that apparently has no problem with that

My script bypasses the problem by using a server side proxy script. they
request this:
http://my-site.com/myscript.php?http://the-page-they-wanted/the-feed.xml

My server side script then loads the desired feed, and passes it back to the
browser. The browser sees that it came from my site, so it allows it. If you
download the zip package from my site, you can see how it works, and use it
on your own site (subject to the usual terms and conditions, etc):
http://www.howtocreate.co.uk/tutorials/jsexamples/rss.html

> "netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");

A simple bit of advice; never rely on a browser-specific extension like
this. Opera, Safari, Konqueror, iCab, and many, many other browsers do not
provide this extension, for security reasons (users have a habit of clicking
"yes" without actually looking at what they clicked). Your script will not
work in them, so many people (myself included) would not be able to use your
script.

Mark 'Tarquin' Wilton-Jones - author of http://www.howtocreate.co.uk/
This site was created by Mark "Tarquin" Wilton-Jones.
Don't click this link unless you want to be banned from our site.