Parsing iframe's XML in JavaScript (AJAX trick?)

[vunet.us]

Since XMLHTTP Request does not support loading of XML from other
servers, I decided to use a trick:
load XML into hidden iframe and then get that XML with JavaScript to
parse.
But, is this a good idea? I am stuck. How do I get XML loaded in the
iframe and pass it on to JS function for parsing?
Thank you.

 

[Martin Honnen]

Since XMLHTTP Request does not support loading of XML from other
servers, I decided to use a trick:
load XML into hidden iframe and then get that XML with JavaScript to
parse.
But, is this a good idea?

You can load the XML in the (i)frame but script can't access the DOM
then as the same origin policy applies as well to that approach so you
get access or permission denied if the iframe contains a document from a
different origin.

 

[vunet.us]

How do Google RSS feed work? They must have some workaround, dont they?

Either way I found this to be a workaround so far, but I test it by
now:

example of how to use an IFRAME to parse an HTML document into a DOM:
http://youngpup.net/userscripts/htmlparserexample.user.js

 

[Martin Honnen]

Either way I found this to be a workaround so far, but I test it by
now:

example of how to use an IFRAME to parse an HTML document into a DOM:
http://youngpup.net/userscripts/htmlparserexample.user.js

That is a user script or Greasemonkey script you have to install first.
If the user installs such a script then it is not subjected to the same
origin policy that applies to scripts in documents (e.g HTML or SVG
documents) loaded in a browser window.

 

[vunet.us]

Hm... are you trying to say, there is no way for me to parse iframe's
loaded XML file using JavaScript XML parser?
Thank you very much.

 

[Matt Kruse]

How do Google RSS feed work? They must have some workaround, dont
they?

They have a server-side app that connects to the server and grabs the
output.
Your browser is still requesting a url from google.com, but passing the
actual url to retrieve via the "proxy".
So, there is no problems with same origin policies.

 

[vunet.us]

I still believe this may work:

var iframe = document.getElementById("myiframe");
var obj = iframe.contentDocument.open("text/xml");

obj - is an HTML object of iframe document. If I know how to make it an
XML object, I am done with my problem.
Any thoughts and ideas are VERY welcome.
Thank you.

 

[VK]

I still believe this may work:

var iframe = document.getElementById("myiframe");
var obj = iframe.contentDocument.open("text/xml");

obj - is an HTML object of iframe document. If I know how to make it an
XML object, I am done with my problem.
Any thoughts and ideas are VERY welcome.

You are still missing the picture: the problem is not in using iframe
for XML document. The problem is that iframe having a content (any
content) from another domain is not accessible from the main document.
Not because there are not methods to do it: but because these methods
are blocked for any kind of cross-domain communication.

With the same luck you could simply override the <script> element (IE
only though):

<script type="text/xml" src="data.xml"></script>

<script type="text/jscript">
var DynamicSource;
var DataIsland;

function demo() {
DynamicSource = document.scripts[0];
DataIsland = DynamicSource.XMLDocument;
window.alert(DataIsland.firstChild.nextSibling.nodeName);
}

window.onload = demo;
</script>

Works like a charm on the same domain, "Access denied" else.

 

[vunet.us]

So does everyone say I cannot do anything but using a server side code
to get, parse and return XML?
Please, confirm...

 

[VK]

So does everyone say I cannot do anything but using a server side code
to get, parse and return XML?
Please, confirm...

"I cannot do anything but using a server side code to get, parse and
return XML from a source located in another domain".

In this form that's correct, confirmed.

 

[VK]

Correction:

"I cannot do anything but using a server side code to get, parse and
return XML from a source located in another domain under standard
security restriction".

That is the main reason of RSS feeds overuse and misuse: people are
trying to escape this idioticy at least on some most modern browsers.

It is a pure idioticy because it adds nothing to the existing security.
Instead it forces thousands of people to act like hackers on their own
servers (using mod_rewrite, content grabbers and other tricks). It also
forces thousand of thousands of developers to start the career from
thinking of *hacking* things rather than of *using* them. That is maybe
the worst impact of it.

Overall the "issue" is acknowledged by all key players and it goes to
an implementation of data binding's approach with server side
"permissions file". But gosh are they slow on doing...

 

[Kevin Darling]

So does everyone say I cannot do anything but using a server side code
to get, parse and return XML?

If you're writing a page for other people to use, then that is correct.
You cannot access cross-domain information by browser alone.

If you're writing a page for YOU ALONE to use, then create an IE HTA
application. For example, save the following into a file called
"cross_domain.hta" and run it, then click the button. You have access
to the data because it's an application running on your computer.
Rename it to "cross_domain.html" and it won't work.

<html>
<body>
<input type="button"
onclick="alert(XFRAME.document.body.innerText)"
value="Test"/>
<iframe id="XFRAME" width="100%" height="80%"
src="http://www.w3schools.com/xml/note.xml">
</iframe>
<body>
</html>

Kev