RE: [xml-dev] Cross-domain loading of XML

["David Lee" <dlee@calldei.com>]

Reading this it doesn’t seem to be limited to JSON at all.
Its *Javascript" not JSON specific.
You could easily pass XML if you wanted as long as it was encoded as a JSON object/value (such as a string).
surrounded by a function.

But thanks for the link.  Now I know why my web developer colleges used this what I called then "JJSON" (JavaScript Wrapped JSON ) format and called it "JSON".
My response was "That’s not even JSON !!! Whats this JavaScript function doing in the DATA !"

When asked why it had to include a Javascript method instead of pure data all I got was hand-waving and finger pointing.
Now I know why !



----------------------------------------
David A. Lee
dlee@calldei.com
http://www.xmlsh.org


-----Original Message-----
From: Mike Sokolov [mailto:sokolov@ifactory.com] 
Sent: Wednesday, December 08, 2010 9:21 AM
To: Elliotte Rusty Harold
Cc: Rob Koberg; Uche Ogbuji; Michael Kay; xml-dev@lists.xml.org
Subject: Re: [xml-dev] Cross-domain loading of XML


This article gives a pretty good explanation:

http://www.ibm.com/developerworks/library/wa-aj-jsonp1/

The gist is that XMLHttpRequest is limited to same-domain urls.

However there is a workaround for JSON (they call it JSONP) that uses 
the ability to load javascript dynamically from another domain.  
Essentially, it seems you can bypass the cross-domain restriction by 
this trick:

var script = document.createElement('script');
script.setAttribute('src', url);

Apparently in this instance url doesn't have to be a url on the same domain.

I don't see why this couldn't be used to insert any sort of data at all, 
but it does rely on javascript.

-Mike

On 12/08/2010 08:08 AM, Elliotte Rusty Harold wrote:
> On Tue, Dec 7, 2010 at 7:15 PM, Rob Koberg<rob@koberg.com>  wrote:
>
>    
>> First thing: Get the browser builders to allow cross domain loading of
>> XML. Without that you might as just bang your head on a post. (even
>> with that, you will just be banging your head on a padded post)
>>      
> Just want to double check this. JSON can be loaded cross-domain and
> XML can't, right? I.e. I can eval JSON from an arbitrary host in my
> browser-based JavaScript and I can't load XML using XmlHTTPRequest
> unless it comes from the same host? Or is it more subtle than that? If
> so, is there a detailed analysis somewhere of exactly under what
> conditions I can load JSON from where and how?
>
> Googling around I see some blog posts, but no detailed analysis.
>
>    

_______________________________________________________________________

XML-DEV is a publicly archived, unmoderated list hosted by OASIS
to support XML implementation and development. To minimize
spam in the archives, you must subscribe before posting.

[Un]Subscribe/change address: http://www.oasis-open.org/mlmanage/
Or unsubscribe: xml-dev-unsubscribe@lists.xml.org
subscribe: xml-dev-subscribe@lists.xml.org
List archive: http://lists.xml.org/archives/xml-dev/
List Guidelines: http://www.oasis-open.org/maillists/guidelines.php