AJAX - The Complete Reference


496 Part III: Advanced Topics


    if (response.stat == "ok")
    {
        var images = response.photos.photo;
        for (var i = 0; i < images.length; i++)
        {
            var image = images[i];
            // The title and the URL parts are inserted into the markup as received
            resultsDiv.innerHTML += "<b>" + image.title + "</b><br />";
            resultsDiv.innerHTML += "<img src='http://farm" + image.farm +
                ".static.flickr.com/" + image.server + "/" + image.id + "_" + image.secret +
                "_m.jpg' /><br /><br />";
        }
    }
    else
        resultsDiv.innerHTML = "<h2>An error has occurred</h2>";
}
// Wire up the search button and stop the form from submitting normally
window.onload = function () {
    $id("requestbutton").onclick = function(){search($id('query').value);};
    $id("requestForm").onsubmit = function() {return false;};
};
</script>
</head>
<body>
<div class="content">
<h1>Flickr Search: Script/JSON Version</h1><br />
<form id="requestForm" method="GET" action="http://ajaxref.com/ch10/proxyflickr.php" name="requestForm">
  <label>Search Term:
    <input type="text" name="query" id="query" value="Schnauzer"
           autocomplete="off" size="30" />
  </label>
  <input type="submit" id="requestbutton" value="Search" />
</form>
</div>
<br /><br /><div id="progress"></div>
<div id="results" class="results"></div>
</body>
</html>

While the <script> tag does let us break the same origin policy, we should do so with
caution. As demonstrated in Chapter 7, untrustworthy sites can introduce problems even
with JSON payload responses. There is a somewhat inelegant solution using a number of
iframes often dubbed “subspace” that can be employed, but you will have to be quite careful
with testing to ensure a robust connection. We point readers back to the security discussion
(Chapter 7) for more information, but for now, since we have found one client-side focused
way to break the SOP, you might wonder if there are other approaches. But of course!
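
As an added example (not code from the book), here is the rendering step of the listing above with each response field validated or escaped before it reaches the markup. The allow-patterns and the sample response are assumptions made for illustration. This only guards against hostile data relayed by a trusted endpoint, such as a photo title chosen by an uploader; a <script>-loaded endpoint that is itself untrustworthy can still run any code it likes in the page.

```javascript
// Added example: field names follow the Flickr response used in the listing above.
// The allow-patterns are assumptions about what legitimate values look like.
const FIELD_PATTERNS = {
  farm: /^\d+$/,
  server: /^\d+$/,
  id: /^\d+$/,
  secret: /^[0-9a-f]+$/i
};

// Escape text so it is inert in HTML content or inside a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, function (ch) {
    return { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" }[ch];
  });
}

// Return the thumbnail URL, or null if any component fails its pattern.
function buildPhotoUrl(photo) {
  for (const name of Object.keys(FIELD_PATTERNS)) {
    if (!FIELD_PATTERNS[name].test(String(photo[name]))) return null;
  }
  return "http://farm" + photo.farm + ".static.flickr.com/" + photo.server +
         "/" + photo.id + "_" + photo.secret + "_m.jpg";
}

// Build the results markup in one pass; photos that fail validation are skipped.
function renderResults(response) {
  if (!response || response.stat !== "ok" || !response.photos ||
      !Array.isArray(response.photos.photo)) {
    return "<h2>An error has occurred</h2>";
  }
  let html = "";
  for (const photo of response.photos.photo) {
    const url = buildPhotoUrl(photo);
    if (url === null) continue;
    const title = photo.title == null ? "" : photo.title;
    html += "<b>" + escapeHtml(title) + "</b><br />" +
            "<img src='" + url + "' /><br /><br />";
  }
  return html;
}

// Constructed sample response (not real Flickr data).
const sampleResponse = { stat: "ok", photos: { photo: [
  { farm: 3, server: "2001", id: "123456", secret: "ab12cd34ef", title: "Schnauzer <3" },
  { farm: 3, server: "2001", id: "123457", secret: "ab12cd34ef",
    title: "<img src=x onerror=alert(1)>" },
  { farm: 3, server: "x' onerror='alert(1)", id: "123458", secret: "ab12cd34ef", title: "pup" }
] } };
```

In the page, the callback would assign the returned string once, as in resultsDiv.innerHTML = renderResults(response), instead of appending to innerHTML inside the loop.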

Flash Cross Domain Bridge

We saw that the <script> tag can break the same origin policy, but it turns out there is
something else we could use that might be a bit more flexible for this purpose: Flash.
Generally people tend to think of Flash for animation, video, and various rich applications.
However, if you dig deeper into Flash you come to realize that it has a rich development