- From: Doron Rosenberg <doronr@us.ibm.com>
- Date: Wed, 10 Nov 2004 09:51:26 -0600
- To: www-svg@w3.org
- Cc: Jim Ley <jim@jibbering.com>, "Boris Zbarsky" <bzbarsky@MIT.EDU>
- Message-ID: <OFE8417615.95C8C0F0-ON87256F48.0055E08E-86256F48.00571BC2@us.ibm.com>
>"Boris Zbarsky" <bzbarsky@MIT.EDU> >> Jim Ley wrote: >>> You always have to block random hosts - Mozilla is currently the only >>> browser to provide by default (and last I looked non-disablable) access >>> to non-originating hosts via javascript http requests. >> >> Were you referring to someother piece of javascript HTTP request >> functionality? > >Yep, the SOAP implementation: > >http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2004-July/001495.html > >Jim. Actually, it is possible in pretty much any modern browser to communicate with an non-originating host, using pure W3C standards and JavaScript. <html:script /> tags can reference JavaScript files from any domain, and the included script is executed as if it came from the originating host. So, using basic DOM operations, JavaScript can dynamically create new <script> elements, set the 'src' attribute to any domain, passing through data via the URL, and adding it to the DOM. By appending to the DOM, the URL gets loaded and the server can send over new data embedding in the loaded JavaScript. So when back at Netscape we added SOAP and WSDL functionality to Mozilla, allowing cross domain communication was not an issue, since its already doable. The only reason we implemented our web services security model (where the web service host has to explicitly say what domains can access it) was for intranet security - there are open web services inside intranets today, and if somehow someone outside knew the URl for it, and managed to get someone inside the firewall to access his webpage, that person would have been able to communicate with the intranet web service using the browser. Macromedia Flash implemented a similar model as well for its SOAP capabilities. Doron Rosenberg Browser Technology Center (Austin) IBM Emerging Technologies doronr@us.ibm.com | 1-512-838-9293
Received on Wednesday, 10 November 2004 16:33:40 UTC