I want to know if it would be possible to link the JavaScript from my main site "http://example.com" to my subdomain "http://subsite.example.com".
They are not hosted on the same server.
I'm thinking that for security reasons, JavaScript cannot be cross-linked to.
Here is a good way to do it:
http://www.tomhoppe.com/index.php/2008/03/cross-sub-domain-javascript-ajax-iframe-etc/
Never tried it myself, but had it in favs for a while waiting to need it.
If you mean if it is possible for you to retrieve a javascript file that is hosted at a seperate location from this page that you have, yes. In fact Google CDN allows you to link popular libraries such as jQuery so as to offload this from your server, and also possibly faster. So its perfectly fine for your situation.
Related
I have a difficult one
I am trying to show an external website within my page (currently using an iframe)
The trick is I want to be able to edit the site
e.g. I really want to show a preview of another website that I can modify.
Not sure if there is any tools out there, was thinking of using a jquery request to create a page within my domain that I can edit?
Any advice?
If that would be possible from within the browser, that would be a bug.
The way you should do it, is creating some sort of a proxy on your own domain/server, and fetch the site through there. Then you're allowed to access the iframe and edit whatever you like.
Of course, the site won't run like it normally would, since it can't use its own cookies, AJAX calls, etc.
I think this js library could inspire you something!
easyXDM
I don't think this is possible, but it never hurts to ask.
Is there any way for me to host a file (or folder) on someone else's domain (with their permission, of course)? For example, if their site is hosted at www.example.com, I would like to host a file at www.example.com/foo.html, or a folder at www.example.com/foo/, or the like. I just need to be able to make changes at will to a single file.
We can't use a redirect or anything like that - the purpose of this is to allow me to control a document loaded in an <iframe> on their site, and for the JavaScript in that <iframe> to have access (i.e., no security restrictions) to its parent page - which is only allowed if the domains match. Their site doesn't change the document.domain property to relax the security restrictions, nor can we ask them to start using that approach (it's an enormous site).
I also can't generate an <iframe> and create its document solely using JavaScript - we've done that in the past, and it gets around the security restrictions (the generated <iframe> is in the same domain as its parent page), but it causes other issues and difficulties that add up to a deal-breaker in this case.
Please let me know if you have any alternative suggestions, or if you need any more information about what exactly I'm trying to do.
Thanks in advance for any help!
I hope I'm understanding this correctly. Since you have their permission to host a file on their site, can you just use FTP? They can set you up to only be able to drop files in one directory on their site, and you can edit the file there.
Provide embed code to the other party to load remote javascript file to their page. You may then generate content or information gathering. As the javascript file is hosted on your side, it's under your control. A Visitor Counter is a similar case.
You could make a php script that loads it's data from your own site.
this should work actually:
<?php echo file_get_contents("http://www.yoursite.com/yourfile.html"); ?>
Edit: You might be able to do the same with javascript, but i don't know the code for it... Sorry. :-/
Sounds like your friend can set up a reverse proxy rule on their web server for your file. http://httpd.apache.org/docs/2.0/mod/mod_proxy.html
I apologize if this has been asked before. I searched but did not find anything. It is a well-known limitation of AJAX requests (such as jQuery $.get) that they have to be within the same domain for security reasons. And it is a well-known workaround for this problem to use iframes to pull down some arbitrary HTML from another website and then you can inspect the contents of this HTML using javascript which communicates between the iframe and the parent page.
However, this doesn't work on the iPhone. In some tests I have found that iframes in the Safari iPhone browser only show content if it is content from the same site. Otherwise, they show a blank content area.
Is there any way around this? Are there other alternatives to using iframes that would allow me to pull the HTML from a different domain's page into javascript on my page?
Edit:
One answer mentioned JSONP. This doesn't help me because from what I understand JSONP requires support on the server I'm requesting data from, which isn't the case.
That same answer mentioned creating a proxy script on my server and loading data through there. Unfortunately this also doesn't work in my case. The site I'm trying to request data from requires user login. And I don't want my server to have to know the user's credentials. I was hoping to use something client-side so that my app wouldn't have to know the user's credentials at the other site.
I'm prepared to accept that there is no way to accomplish what I want to do on the iPhone. I just wanted to confirm it.
You generally can NOT inspect the contents of an iframe from another domain via JavaScript. The most common answers are to use JSONP or have your original server host a proxy script to retrieve the inner contents for you.
Given your revisions, without modification or support from the secondary site, you are definitely not going to be able to do what you want via the iPhone's browser.
"In some tests I have found that iframes in the Safari iPhone browser only show content if it is content from the same site"
I found the same thing. Is this documented somewhere? Is there a workaround? This sounds like broken web standards to me, and I am wondering if there is a solution.
Basically, what I'm trying to do is simply make a small script that accesses finds the most recent post in a forum and pulls some text or an image out of it. I have this working in python, using the htmllib module and some regex. But, the script still isn't very convenient as is, it would be much nicer if I could somehow put it into an HTML document. It appears that simply embedding Python scripts is not possible, so I'm looking to see if theres a similar feature like python's htmllib that can be used to access some other webpage and extract some information from it.
(Essentially, if I could get this script going in the form of an html document, I could just open one html document, rather than navigate to several different pages to get the information I want to check)
I'm pretty sure that javascript doesn't have the functionality I need, but I was wondering about other languages such as jQuery, or even something like AJAX?
As Greg mentions, an Ajax solution will not work "out of the box" when trying to load from remote servers.
If, however, you are trying to load from the same server, it should be fairly straightforward. I'm presenting this answer to show how this could be done using jQuery in just a few lines of code.
<div id="placeholder">Please wait, loading...</div>
<script type="text/javascript" src="/path/to/jquery.js">
</script>
<script type="text/javascript>
$(document).ready(function() {
$('#placeholder').load('/path/to/my/locally-served/page.html');
});
</script>
If you are trying to load a resource from a different server than the one you're on, one way around the security limitations would be to offer a proxy script, which could fetch the remote content on the server, and make it seem like it's coming from your own domain.
Here are the docs on jQuery's load method : http://docs.jquery.com/Ajax/load
There is one other nice feature to note, which is partial-page-loading. For example, lets say your remote page is a full HTML document, but you only want the content of a single div in that page. You can pass a selector to the load method, as in my example above, and this will further simplify your task. For example,
$('#placeholder').load('/path/to/my/locally-served/page.html #someTargetDiv');
Best of luck!-Mike
There are two general approaches:
Modify your Python code so that it runs as a CGI (or WSGI or whatever) module and generate the page of interest by running some server side code.
Use Javascript with jQuery to load the content of interest by running some client side code.
The difference between these two approaches is where the third party server sees the requests coming from. In the first case, it's from your web server. In the second case, it's from the browser of the user accessing your page.
Some browsers may not handle loading content from third party servers very gracefully (that is, they might pop up warning boxes or something).
You can embed Python. The most straightforward way would be to use the cgi module. If the script will be run often and you're using Apache it would be more efficient to use mod_python or mod_wsgi. You could even use a Python framework like Django and code the entire site in Python.
You could also code this in Javascript, but it would be much trickier. There's a lot of security concerns with cross-site requests (ah, the unsafe internet) and so it tends to be a tricky domain when you try to do it through the browser.
How do I open 'cross-domain security', so the JavaScript on the page can freely communicate with the SWF, even when this is hosted on another domain?
I know for certain that this function communication is blocked by default, but by playing around with a file called "crossdomain.xml" and the actionscript 3 function: system.Security.allowDomain("*"). I'm not having full success though, and I don't have the insight to know which one is opening up for what.
Is there other hidden security layers, that I need to think of in this scenario?
And am I opening up my code for potential hackers somehow by doing this setup?
(and in case you're wondering: Yes, I have to make this work in a scenario, where the html is hosted on one domain, the JavaScript is added externally from another domain and the SWF is embedded by the JavaScript from a third domain - don't ask why, it's too complicated to explain - I too wish I could just host the whole thing in one domain).
Using Security.allowDomain("www.example.com") in the SWF will allow JS in a page from www.example.com to call functions exposed in the SWF with ExternalInterface.addCallback(). The domain and subdomain must match exactly. Using "*" will allow any domain to communicate with the SWF, but if you have one specific domain, it's better to use that.
Setting allowScriptAccess to always in the HTML embed code will allow the SWF to to call JavaScript functions.
One thing that catches many developers is that JavaScript will not be able to call functions on the SWF until the SWF is done loading. Unfortunately, there is no JS-based event that tells you when the SWF is ready (at least that I've found). What I usually do to work around this problem is call a JS function from the SWF immediately when the SWF finishes loading to notify the page that the SWF is ready.
There's some abstraction here and there, but if you take a look at the source code for YUI Charts, you might be able to figure out how Yahoo! got crossdomain JS/SWF communication working.
One thing I'd add to the previous answer: If you try the above code and it doesn't work, check to see if your site's address includes the "www" or not. Mine did not and didn't work if I wrote it as
Security.allowDomain("www.jeremy-knight.com");
I needed to write it as:
Security.allowDomain("jeremy-knight.com");