AJAX and IE problem

W

will.hc.barker

Am trying to set up a very simple AJAX script for my website. The
javascript i have in an external file which reads as below.

This works perfectly in firefox but IE doesn't display anything at all.
No error messages, just a blank IE window. If you look at the IE source
this html is all there it just won't show it!

Any ideas



// JavaScript Document

function GetXmlHttpObject(handler)
{
var objXMLHttp=null;
if (window.XMLHttpRequest)
{
objXMLHttp=new XMLHttpRequest();
}
else if (window.ActiveXObject)
{
objXMLHttp=new ActiveXObject("Microsoft.XMLHTTP");
}
return objXMLHttp;
}


function getcounts(str)
{
xmlHttp=GetXmlHttpObject()
if (xmlHttp==null)
{
alert ("Browser does not support HTTP Request")
return
}
var url="cgi-bin/countcomments.pl?blog_ids="
url=url+str
xmlHttp.onreadystatechange=stateChanged
xmlHttp.open("GET",url,true)
xmlHttp.send(null)
}


function stateChanged()
{
if (xmlHttp.readyState==4 || xmlHttp.readyState=="complete")
{
response = xmlHttp.responseXML.documentElement;
counts = response.getElementsByTagName('count');
for (i=0;i<=counts.length;i++)
{
id = response.getElementsByTagName('id').firstChild.data;
num = response.getElementsByTagName('num').firstChild.data;
idtofind = "commentcount" + id;
newhtml = " (" + num + ")";

document.getElementById(idtofind).innerHTML=newhtml;
}

}
}
 
W

will.hc.barker

Have half solved my problem. If i embed the javascript into the page it
works correctly.

Does IE have some security requirement about where external js files
are or something??
 
L

Laurent Bugnion

Hi,

Have half solved my problem. If i embed the javascript into the page it
works correctly.

Does IE have some security requirement about where external js files
are or something??

No, it should work also with external JavaScript. Your code looks OK on
first sight, except for one thing: IIRC, IE doesn't accept relative URLs
for XmlHttpRequest calls. Try with an absolute URL, and if it works, use
the Location object to create the absolute URL from the relative one.

HTH,
Laurent
 
D

Dag Sunde

Laurent Bugnion said:
Hi,



No, it should work also with external JavaScript. Your code looks OK on
first sight, except for one thing: IIRC, IE doesn't accept relative URLs
for XmlHttpRequest calls. Try with an absolute URL, and if it works, use
the Location object to create the absolute URL from the relative one.

Are you telling me that this production code for IE doesn't work?

var xmlReq;

function sendBid() {

var url = "submitBid.asp";
if (window.XMLHttpRequest) {
xmlReq = new XMLHttpRequest();
}
else {
xmlReq = new ActiveXObject("Microsoft.XMLHTTP");
}

var buffer = "";
//filling buffer here...
...

xmlReq.open("POST", url, true);
xmlReq.onreadystatechange = xmlSendBidCallback;
xmlReq.setRequestHeader( "Content-Type",
"application/x-www-form-urlencoded");
xmlReq.send("bidData=" + escape(buffer));
}

Well, the url variable above points to a page _relative_ to the current
page,
and this piece of code have been working without a glitch for the last
12 months...
 
L

Laurent Bugnion

Hi,

Dag said:
"Laurent Bugnion" <[email protected]> skrev i melding


Are you telling me that this production code for IE doesn't work?

Well, the url variable above points to a page _relative_ to the current
page,
and this piece of code have been working without a glitch for the last
12 months...

Yes. I said IIRC, which means If I Recall Correctly. Seems that I
didn't, Sorry about that ;-)

I know that we had problems with relative URLs and web services in IE. I
can't remember why. It was 3 years ago...

Laurent
 
V

VK

Yes. I said IIRC, which means If I Recall Correctly. Seems that I
didn't, Sorry about that ;-)

I know that we had problems with relative URLs and web services in IE. I
can't remember why. It was 3 years ago...

If we consider cross-domain lock for ajaxoids as a security mesure
(which is not and never was, but presuming if) then yes indeed
IXMLHTTPRequest / XMLHttpRequest do have this well-known "vulnerability
exploit" by allowing relative path in request. This is how one of the
most popular fixes ("mod_rewrite fix") is working: one calls say
"foobar.cgi" which is instructed in the server to be translated into
say "http://www.someAllAnotherServer.com/foobar.cgi".
Relative path was initially allowed on a number of send box
environments including for instance java.net.* package - and later
fixed to allow only fully-qualified path - for exactly the reason of
such exploits. So you may well be recalling a similar situation for
some another environment.
In application to ajaxoids the chances to have it "fixed" are very slim
though (too many of corporate solutions are running on it). And even if
"fixed" it adds nothing to the existing security, people will just
migrate on the second most popular (but more resource consuming)
alternative with server-side content grabbers. And the number zero :)
stays as usual with iframe solutions.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top