I do a lot of web development, including a bunch of mashups. One problem we have with mashups is that it's difficult to consume data from multiple domains concurrently without a heavy back-end. Google has a great way around this. They abuse the <script> tag, which supports loading across-site. The problem with this is that the consumed script has to be written to support this kind of thing. For example, this won't work.
<script source="http://www.google.com" /></script>
The page this script references is an HTML page. But, <script> tags only grok javascript, not HTML.
Other sites will return XML. This also won't work, because XML isn't javascript. You can use AJAX to request the XML, but only if it's coming from the same domain as the webpage.
Dave's XSS Support is a simple app I wrote which will read from a URL, encode it as JSON, and call a function with the output. Your JavaScript page can include any page via my script. Check out the example app, which parses all the NYTimes headlines from its home page, here
No comments:
Post a Comment