IE's msxml and possible violation of the same origin policy - javascript

I came across a curious case of what seems like a violation of the same origin policy in IE when using msxml. Here is a complete example:
var xmlhttp=false;
try
{
xmlhttp = new ActiveXObject("Msxml2.XMLHTTP");
}
catch (e)
{
try
{
xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
} catch (E)
{
xmlhttp = false;
}
}
if (!xmlhttp && typeof XMLHttpRequest!='undefined') {
try {
xmlhttp = new XMLHttpRequest();
} catch (e) {
xmlhttp=false;
}
}
if (!xmlhttp && window.createRequest) {
try {
xmlhttp = window.createRequest();
} catch (e) {
xmlhttp=false;
}
}
function doRequest()
{
xmlhttp.open('GET','http://www.google.com',true);
xmlhttp.send();
xmlhttp.onreadystatechange=function(){
if(xmlhttp.readyState==4)
{
alert(xmlhttp.responseText);
}
};
}
Calling the doRequest() method from a simple onClick event in IE will happily get you the contents of google.com no matter which domain the page is hosted on. Isn't this a violation of same origin? Am I missing something?

Related

Ajax Request by external page and history.pushState together

There is a way for combine these two technologies so that they work together when we are alredy in the div "result" ?
Let's see the problem.. We have the first code that do the ajax request
var http_request = false;
function makeRequest(url,getvar,funzione) {
http_request = false;
if (window.XMLHttpRequest) { // Mozilla, Safari,...
http_request = new XMLHttpRequest();
if (http_request.overrideMimeType) {
//http_request.overrideMimeType('text/xml');
// See note below about this line
}
} else if (window.ActiveXObject) { // IE
try {
http_request = new ActiveXObject("Msxml2.XMLHTTP");
} catch (e) {
try {
http_request = new ActiveXObject("Microsoft.XMLHTTP");
} catch (e) {}
}
}
if (!http_request) {
alert('Errore :( Non riesco a creare unna connessione XMLHTTP');
return false;
}
http_request.onreadystatechange = funzione;
http_request.open('POST', url, true);
http_request.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
http_request.send(getvar);
}
function alertContents() {
if (http_request.readyState == 4) {
if (http_request.status == 200) {
//alert(http_request.responseText);
document.getElementById("result").innerHTML = http_request.responseText;
} else {
alert('C\'รจ stato un problema alla connessione.');
}
}else{
document.getElementById("result").innerHTML ="loading";
}
}
And another function that edit the andress bar..
jQuery(document).ready(function() {
$('a.clickurl').click(function(event) {
var currentPage = document.location.pathname.substring(document.location.pathname.lastIndexOf('/') + 1);
if ($(this).attr('href') != currentPage){
if (history && history.pushState) {
history.pushState(null, document.title, $(this).attr('href'));
$.get($(this).attr('href'), {ajax:'1'}, function(data, text, xhr) {
pageSlider(data, text, xhr);
});
event.preventDefault();
}
}
});
after the first istance we got result on the div.. and up to here everything is working correctly, but how let the function work also in the links inside the "result" div?
setting a href="#" the ajaxrequest work correctly and just reflash the "result" div.. but if i set an different address loads the entire page..
ps. i already tried return false;
Problem is the fact that you are not binidng events to the dynamic content. You need to either rebind or use event delegation.
$(document).on("click", 'a.clickurl', function(event) {
or even better if all the links are only in the result div
$("#result").on("click", 'a.clickurl', function(event) {

Use two GetXmlHttpObject results

I'm trying to add functionality to a small php/js I've built, but I can't make it work.
In general, i make two GETS of two different URL, and I need to use the reply of this URL in two different boxes.
I'v tried: seperate var port_name; and them just equals / to call $port_name or port_name.
Relevant part of code:
<script type="text/javascript">
function showPortName()
{
xmlHttp=GetXmlHttpObject();
if (xmlHttp==null)
{
alert ("Your browser does not support AJAX!");
return;
}
var oob=document.getElementById("oob_name").value;
var port=document.getElementById("port").value;
var url="oob_get_port_name.php";
var url2="oob_get_location.php";
url=url+"?oob="+oob+"&port="+port;
xmlHttp.open("GET",url,true);
xmlHttp.onreadystatechange=stateChanged;
xmlHttp.send(null);
var port_name=xmlHttp.responseText.value;
url2=url2+"?oob="+oob+"&port="+port;
xmlHttp.open("GET",url2,true);
xmlHttp.onreadystatechange=stateChanged;
xmlHttp.send(null);
}
function stateChanged()
{
if (xmlHttp.readyState==4)
{
document.getElementById("device_name").value=$port_name;
document.getElementById("device_location").value=xmlHttp.responseText;
}
}
function GetXmlHttpObject()
{
var xmlHttp=null;
try
{
// Firefox, Opera 8.0+, Safari
xmlHttp=new XMLHttpRequest();
}
catch (e)
{
// Internet Explorer
try
{
xmlHttp=new ActiveXObject("Msxml2.XMLHTTP");
}
catch (e)
{
xmlHttp=new ActiveXObject("Microsoft.XMLHTTP");
}
}
return xmlHttp;
}
</script>

PUT/DELETE XMLHttpRequest Not Working in Firefox

I am working with javascript cross domain ajax request. my code is working fine on chrome and other devices like android browser and android native app using phonegap.
But i was facing issue with Firefox..
Firefox does not support my PUT and DELETE requests.
Is there any solution for firefox to make put and delete request to my server.
firefox does support my post and get request. both request working fine.
here is my working code.
var XMLHttpFactories = [
function () {
return new XMLHttpRequest()
},
function () {
return new ActiveXObject("Msxml2.XMLHTTP")
},
function () {
return new ActiveXObject("Msxml3.XMLHTTP")
},
function () {
return new ActiveXObject("Microsoft.XMLHTTP")
}
];
function createXMLHTTPObject() {
var xmlhttp = false;
for (var i=0;i<XMLHttpFactories.length;i++) {
try {
xmlhttp = XMLHttpFactories[i]();
}
catch (e) {
continue;
}
break;
}
return xmlhttp;
}
For send Put request..
var xhr = createXMLHTTPObject();
xhr.open("PUT", url,true);
xhr.onreadystatechange=function()
{
if (xhr.readyState==4)
{
if(xhr.status==200){
request.success(xhr.responseText);
}else if(xhr.status!=200){
request.error(xhr.responseText)
}
}
}
xhr.send(body);
The following is working just fine on Firefox 22.0 (& 23.0 too):
var XMLHttpFactories = [
function () {
return new XMLHttpRequest()
},
function () {
return new ActiveXObject("Msxml2.XMLHTTP")
},
function () {
return new ActiveXObject("Msxml3.XMLHTTP")
},
function () {
return new ActiveXObject("Microsoft.XMLHTTP")
}
];
function createXMLHTTPObject() {
var xmlhttp = false;
for (var i=0;i<XMLHttpFactories.length;i++) {
try {
xmlhttp = XMLHttpFactories[i]();
}
catch (e) {
continue;
}
break;
}
return xmlhttp;
}
var xhr = createXMLHTTPObject();
xhr.open("PUT", "/echo/html/", true);
xhr.onreadystatechange = function()
{
if (xhr.readyState == 4)
alert("Request completed, with the following status code: " + xhr.status);
}
xhr.send("");
Here is a jsFiddle: http://jsfiddle.net/qXQtD/
To better understand your situation, please answer the following:
What is the data you are trying to send?
What are your complete response headers (especially the "Access-Control-Allow-Origin" header)?

document.getElementById("id").innerHTML run time error on Internet Explorer

I wrote an AJAX function and with this function I am populating the <option> tag of a particular <select> tag. This function runs fine on all leading web browsers but when I try to run it on IE7 it gives me the runtime error on following line in the browser:
document.getElementById("box2View").innerHTML = req.responseText;
My code is
function retrieveURL(url)
{
var newUrl = 'showStates.do?country='+url;
req = GetXmlHttpObject();
req.onreadystatechange = processStateChange;
try {
req.open("GET", newUrl, true);
} catch (e) {
alert(e);
}
req.send();
}
function processStateChange() {
if (req.readyState == 4) { // Complete
if (req.status == 200) { // OK response
alert(req.responseText);
document.getElementById("box2View").innerHTML = req.responseText;
var x = document.getElementsByName("countryid");
} else {
alert("Problem: " + req.statusText);
}
}
}
function GetXmlHttpObject()
{
var xmlHttp=null;
try
{
// Firefox, Opera 8.0+, Safari
xmlHttp=new XMLHttpRequest();
}
catch (e)
{
//Internet Explorer
try
{
xmlHttp=new ActiveXObject("Msxml2.XMLHTTP");
}
catch (e)
{
xmlHttp=new ActiveXObject("Microsoft.XMLHTTP");
}
}
return xmlHttp;
}
When I debug it I found that I got a HTML from in req.responseText
which is
So can anyone tell me what should I do to make it work with IE7.

ajax script working with firefox but not ie6

i have this ajax function working well in firefox and not in ie6
are there some specific issues for ie?
the error is on ths line
document.getElementById(containerid).innerHTML=page_request.responseText
here is the full code i'm using
var bustcachevar=1 //bust potential caching of external pages after initial request? (1=yes, 0=no)
var loadedobjects=""
var rootdomain="http://"+window.location.hostname
var bustcacheparameter=""
function ajaxpage(url, containerid){
var page_request = false
if (window.XMLHttpRequest) // if Mozilla, Safari etc
page_request = new XMLHttpRequest()
else if (window.ActiveXObject){ // if IE
try {
page_request = new ActiveXObject("Msxml2.XMLHTTP")
}
catch (e){
try{
page_request = new ActiveXObject("Microsoft.XMLHTTP")
}
catch (e){}
}
}
else
return false
page_request.onreadystatechange=function(){
loadpage(page_request, containerid)
}
if (bustcachevar) //if bust caching of external page
bustcacheparameter=(url.indexOf("?")!=-1)? "&"+new Date().getTime() : "?"+new Date().getTime()
page_request.open('GET', url+bustcacheparameter, true)
page_request.send(null)
}
function loadpage(page_request, containerid){
if (page_request.readyState == 4 && (page_request.status==200 ||
window.location.href.indexOf("http")==-1))
////////////////////// here is the error line pointed by ie debugger/////////
document.getElementById(containerid).innerHTML=page_request.responseText
//////////////////////////////
}
thanks for your answers
Try using something like this - or checking out jQuery
function isIE(){return/msie/i.test(navigator.userAgent)&&!/opera/i.test(navigator.userAgent);}
function parseFile(filename)
{
try
{
if(isIE())
{var xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");}
else
{var xmlhttp=false;}
if(!xmlhttp&&typeof XMLHttpRequest!='undefined')
{
try
{xmlhttp=new XMLHttpRequest();}
catch(e)
{xmlhttp=false;}
}
if(!xmlhttp&&window.createRequest)
{
try
{xmlhttp=window.createRequest();}
catch(e)
{xmlhttp=false;}
}
xmlhttp.open("GET",filename);
xmlhttp.onreadystatechange=function()
{
if(xmlhttp.readyState==4)
{
return xmlhttp.responseText;
}
}
xmlhttp.send(null);
}
catch(e)
{
alert(e);
}
}

Categories

Resources