{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 放荡不羁爱自由 的问题《parse xml in an iframe》','https://www.manongdao.com/q-847448.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I want to be able access an rss feed from js. I have the ability to configure both servers to use the same domain (but different subdomains - eg static.benanderson.us and tech.benanderson.us). I was hoping I could use the document.domain property to get around the xss issue. Here's a snippet http://static.benanderson.us/example.js (not actually live):
document.domain = 'benanderson.us';
new Ajax.Request('http://tech.benanderson.us/feeds/posts/default', { \\error
However, that doesn't work. I couldn't find out if document.domain works for xhr requests, so I bagged that and switched to an iframe solution because I've done something similar in the past.
$('my_iframe').src='http://tech.benanderson.us/feeds/posts/default';
Event.observe($('my_iframe'), 'load', function() {
try {
log(this.contentDocument); //this displays just fine
var entries = this.contentDocument.getElementsByTagName('entry'); //error
The weird thing is that I can view this.contentDocument in firebug, however it's the getElementsByTagName that errors with a "permission denied..." message.
Any thoughts on how to get either of these solutions to work would be awesome. I know I could do a proxy - that's not what I'm interested in.
The problem is that document.domain needs to be set to benanderson.us both on the page loading the iframe and the page in the iframe. That gets a bit stupid in this case since you can't just put javascript into a rss feed, so you'll probably have to make some kind of gateway page on the same subdomain to load that page in a frame for you. Here's a lazy example of that:
So, assuming we call this "gateway.html" and you put this someplace inside the tech.benanderson.us subdomain, you would go "gateway.html?request=http://tech.benanderson.us/feeds/posts/default" So, in this case, you would have to reference it through window.frames["my_frame"].window.frames["content_frame"] and you should get it.
NOTE: I haven't tested this code.
This doesn't speak to the JS technicalities at all, but as a workaround, you could set up a server-side script on the same subdomain that just fetches what you need from the other subdomain.
You cant do that, it is not allowed by same origin policy
You can only set document.domain to the superdomain of the current domain, you do that but the same origin policy has to match the whole domain name that it is allowed (tech.benanderson.us != benanderson.us)
apparently there is no way to do exactly this. Howver, I was able to come up with a decent solution. The rss xml is coming from blogger (tech.benanderson.us). So I added a javascript function there that could make the xhr to the rss. Then this javascript sets it's document.domain to benanderson.us and makes a callback. To sum up:
http://static.benanderson.us/example.js:
http://tech.benanderson.us/2001/01/js.html:
Following is an actually working code, parseXML is my wrapper around DOMXML, therefore, instead of that you can use window.frames["internal"].document as XML object. This works in Firefox and Opera. "this" does not work because "this" is iFrame "Element" not a frame. Sorry about language, but you will get the idea.