A blend of programming and seo

Category — ajax

Using iframes for cross-site scripting

by Roy (rawseo)

Here is an easy way to communicate different domains using frames:

Step 1: Create a file called iframe_remote.htm with the following:

<html>
    <script type="text/javascript">
      window.name="my test data";
    </script>
  </html>

The above code contains the data that you want to return to your calling script. I used a simple example with static data. Instead, a PHP (or any other programming language) script could be used to dynamically return data depending on the parameters (this data could also be JSON or XML).

Step 2: create a file called iframe.htm with the following:

<html>
<head>
<script language="javascript">
function loadFrame()
{
    var crossData = "";
    try
    {
    crossData = document.getElementById('cframe').contentWindow.name;
    alert("data: "+crossData);
    } catch(err) {}
}

function setFrame()
{
    document.getElementById('cframe').src = 'iframe_dummy.htm';
}
</script>
</head>
<body>
<iframe id="cframe" name="test" src="http://yourdomain.com/iframe_remote.htm" onLoad="loadFrame()" style="display:none"></iframe>
<input type="button" value="Get Remote data" onclick="setFrame()">
</body>
</html>

Set the iframe src to the full path of iframe_remote.htm. This file should also be placed on the domain that is retrieving the remote data. You should also create a file on the same server as iframe.htm called iframe_dummy.htm.

This technique currently works in all major browsers.

How it works

Under normal circumstances, you can’t access remote data or properties in a frame across different domains due to security measures in place by your browser. The iframe name is the key to retrieving cross-domain data. The above code first loads an iframe with javascript that sets the iframe’s window.name property. After this, the iframe src is dynamically changed to a local file, the windows.name property is not changed, and your browser sees this as a file on the same domain.

April 21, 2009   4 Comments

How to stop IE from caching AJAX requests

by Roy (rawseo)

While working on an AJAX project over the weekend, I ran into the following issue: (through a GET request), every time I tried to call a certain function, It was returning the same data (which was supposed to be different each time)

I first tried the following (which should disable browser caching):

(in PHP)

header( “Expires: Mon, 26 Jul 1997 05:00:00 GMT” );
header( “Last-Modified: ” . gmdate( “D, d M Y H:i:s” ) . ” GMT” );
header( “Cache-Control: no-cache, must-revalidate” );
header( “Pragma: no-cache” );

The data still did not change.

I finally came to the following solutions:

1) use a POST request. When using with xmlhttprequest, it is slightly more complicated.

2) add a unique identifier to the end of my GET url.

I choose #2. A unique Identifier can be created using the current data+time. Here is a simple way to generate this (in Javascript):

var date = new Date();
var timestamp = date.getTime();

createXMLHttpRequest();
xmlHttp.onreadystatechange = handleMessages;
xmlHttp.open(”GET”,”script.php?time=”+timestamp,true);
xmlHttp.send(null);

April 2, 2009   5 Comments