Email conversation
| From | Kevin Emamirad |
|---|
| To | Me |
|---|
| Subject | How to import a XML (WMS) file from a request URL |
|---|
| Date | 17 May 2007 16:53 |
|---|
Hi,
I worte a few JS Scripts to parse an XML WMS file, for geographical datas.
I imported the XML file by this function:
[Ed. warning: do not use this script]
-----------------------------------------------------------------
function importXML()
{
if (document.implementation && document.implementation.createDocument)
{
xmlDoc = document.implementation.createDocument("", "", null);
xmlDoc.onload = lister;
}
else if (window.ActiveXObject)
{
xmlDoc = new ActiveXObject("Microsoft.XMLDOM");
xmlDoc.onreadystatechange = function () {
if (xmlDoc.readyState == 4)lister()
};
}
else
{
alert('Sorry your browser is not yet supported');
return;
}
xmlDoc.load("wms1.xml");
}
--------------------------------------------------------------
My XML file is generated by a WMS request like:
http://server/[URL]
But, when I'm trying to do a:
--------------------------------------------------------------
xmlDoc.load("http://server/[URL]");
-----------------------------------------------------------------
I've got a "uncaught exception: Permission denied to call method
XMLDocument.load"
What do you suggest me to do, to import this file directly from the request
URL?
I use DOM to parse my document, when I open the request URL on a
browser then I save it , i've got a XML Document that I can parse it
easily.
If I have to learn new technics, there is no problem :)
Thanks a lot for your help !
Regards,
Kevin Emamirad
| From | Me |
|---|
| To | Kevin Emamirad |
|---|
| Subject | Re: How to import a XML (WMS) file from a request URL |
|---|
| Date | 17 May 2007 19:11 |
|---|
Kevin,
> I imported the XML file by this function:
The function you are using uses an outdated method of importing XML. Looks
like you copied it from the QuirksMode site. Using createDocument and
.load() is no longer recommended, and is not supported in most current
browsers. Use XMLHttpRequest instead:
http://www.w3.org/TR/XMLHttpRequest/
var foo;
if( window.XMLHttpRequest ) {
foo = new XMLHttpRequest();
} else if( window.ActiveXObject ) {
foo = new ActiveXObject('Microsoft.XMLHTTP');
}
if( foo ) {
foo.onreadystatechange = function () {
if( foo.readyState == 4 ) {
lister();
}
};
foo.open("GET", 'bar.xml', true);
foo.send(null);
} else {
//not supported
}
Alternatively, you can use my XML importing script, which uses
XMLHttpRequest, but also can extend support to more browsers:
http://www.howtocreate.co.uk/jslibs/script-importxml
> I've got a "uncaught exception: Permission denied to call method
> XMLDocument.load"
Note that you cannot import XML from any server except the one the page
itself is being served from. So for example, a page on www.example.com can
only import XML files from www.example.com. It could not, for example, load
XML files from www.some-other-site.com
If you need to be able to import from other sites (that's what would
normally produce the error message you got, so I suspect that is your
problem), you cannot use just a client side importing script. You would have
to use a server-side script on your site that loads the XML file, and serves
it as though as its own content. Then the client side script should try to
import the server-side script page.
Note that if you plan to use a server side script like that, it is very
important that you make sure it does not just accept any address to load as
a GET parameter without checking if it is safe to do so (such as if it
begins with "http:" or "https:" _with_ the colons. Failure to do this would
allow people to make it request files on your server that you would not
normally want them to be able to have access to.
Mark 'Tarquin' Wilton-Jones - author of http://www.howtocreate.co.uk/
| From | Kevin Emamirad |
|---|
| To | Me |
|---|
| Subject | Re: How to import a XML (WMS) file from a request URL |
|---|
| Date | 17 May 2007 20:20 |
|---|
Tarquin,
Thanks a lot for this so quick answer,
I'm now using your fabulous script, it works perfect. Thanks a lot
again for your perfect job. I'll contact the server administrator as
soon as I can, and we will see what we can do.
Now I'm trying to understand in deep your script.
I've got this new message instead of the old one:
---------
uncaught exception: Permission denied to call method XMLHttpRequest.open
---------
I don't understand why it doesn't allow me to import XML from another
server.
My method is:
----
importXML('http://[IP address]/[URL]','lister_couches')
----
After a few research on Internet I saw that XMLHttpRequest.open don't
let open files from another server with Gecko but it works very well
with IE. I didn't test on Opera or other browser yet, I'll do this as
soon as I can.
It can work on Mozilla if we changes CAPS [Ed. warning: for your own
security, do not set this option]
[URL]
Some people are posting on Internet that XHR will be cross-domain in
Gecko 1.9 (FireFox 3). Wait and see...
Thanks a lot again,
Kevin
| From | Me |
|---|
| To | Kevin Emamirad |
|---|
| Subject | Re: How to import a XML (WMS) file from a request URL |
|---|
| Date | 17 May 2007 22:33 |
|---|
Kevin,
> Permission denied to call method XMLHttpRequest.open
Yep. You will need to use the server side script on your own server, as I
described in the last email.
> I didn't test on Opera or other browser yet, I'll do this as
> soon as I can.
Other browsers (Opera included) will follow the spec, and throw an error.
> I don't understand why it doesn't allow me to import XML from another
> server.
Allowing that would be a major security hole. Basically, if you logged into
your bank's website, or your webmail, or whatever, then any other Web site
you loaded in your browser could request pages from your bank site or
webmail as you, since it would send all the same cookies and authentication
headers as normal. They could make bank transactions - send themselves your
money. Read email addresses or passwords in emails.
IE 6 (seems that IE 7 finally fixed this since I cannot reproduce it there)
allows cross domain access. The implications of this are that IE 6 is a
major security hole and privacy hole. More details about IE 7's confusing
approach here:
http://msdn2.microsoft.com/en-us/library/ms537505.aspx
[Ed. IE 7 actually has the 'Access data sources across domains' setting in
the security zone settings, but for your own security, you should never
enable it]
Basically, denying cross domain XMLHttpRequest can be inconvenient for
developers like yourself who want to use it legitimately, but it is vital to
ensure the security and privacy of users. They need to be protected against
evil sites that would (and do in IE 6) abuse it.
| From | Kevin Emamirad |
|---|
| To | Me |
|---|
| Subject | Kevin sent you a friend request on [moronic site]... |
|---|
| Date | 14 February 2007 14:59 |
|---|
Kevin Emamirad wants you to join [moronic site]!
Is Kevin your friend?
Yes, Kevin is my friend! [URL]
No, Kevin isn't my friend. [URL]
Please respond or Kevin might think you said no :(
Thanks,
The [moronic site] Team
____
You are receiving this message because someone you know registered for
[moronic site] and listed you as a contact.
If you prefer not to receive this email tell us here
[URL]
If you have any concerns regarding the content of this message, please email
abuse@[moronic site].
[Moronic site. No. 668, The Moon]
Awwww
Looks like Sean found a friend.