Hybrid View

  1. #1
    Ext User
    Join Date
    Apr 2007
    Posts
    8
    Vote Rating
    0
    king7532 is on a distinguished road

      0  

    Default iframeTagProxy ?

    iframeTagProxy ?


    Hey,

    For my web app, I need the ability to get HTML pages from other servers. With Ext's built-in HttpProxy the HTML pages must be on the same domain where my web app is located. Obviously this will not work me, but using an iframe tag you can give it any URL and it will get that page.

    Before I actually write any code, I was wondering if anyone else had the same problem and already wrote some code similar to what I would call an "iframeTagProxy" object?

    If you would be interested in such an object post some of your requirements/needs so I can make this as useful as possible.

    Benjamin

  2. #2
    Sencha User galdaka's Avatar
    Join Date
    Mar 2007
    Location
    Spain
    Posts
    1,166
    Vote Rating
    -1
    galdaka is an unknown quantity at this point

      0  

    Default


    Scripttagproxy support cross domain request

  3. #3
    Sencha - Community Support Team JeffHowden's Avatar
    Join Date
    Mar 2007
    Location
    Forest Grove, OR
    Posts
    1,038
    Vote Rating
    1
    JeffHowden is on a distinguished road

      0  

    Default


    You won't be able to read the src of an iframe that's got a document loaded from another domain. You'll run up against built-in browser domain security restrictions.
    Jeff Howden
    Ext JS - Support Team Volunteer
    jeff@extjs.com

    Any and all code samples that are authored by me and posted on the Ext forums or website are hereby released into the public domain and I release anyone or entity of liability by using said code samples unless explicitly stated otherwise.

    Opinions are mine and not necessarily endorsed by Ext, LLC. Please do not contact me directly for assistance unless requested by me.

  4. #4
    Ext User DigitalSkyline's Avatar
    Join Date
    Apr 2007
    Location
    Rochester, MI
    Posts
    461
    Vote Rating
    1
    DigitalSkyline is on a distinguished road

      0  

    Default


    Right, in order to do this you would need to scrape the data using your server and a XMLHttpRequest or equivalent as a proxy.

  5. #5

  6. #6
    Ext User
    Join Date
    Apr 2007
    Posts
    8
    Vote Rating
    0
    king7532 is on a distinguished road

      0  

    Default Subspace: Secure Cross-Domain Communication for Web Mashups

    Subspace: Secure Cross-Domain Communication for Web Mashups


    Check out this research paper presented at WWW 2007

    http://www2007.org/papers/paper801.pdf

    This paper shows the technique of nested iframes, to enable secure cross-domain communication. The technique relies on document.domain, and offers details on iframe security in the various browsers.

    I tried Googling for that javascript lirbary to no avail. I have emailed the authors and am waiting for a reply.

    There is enough detailed information in the paper to code this library in javascript. If I don't hear back from the author's I might get started coding it myself because its a really awesome technique for secure cross-domain communication using iframes

    Benjamin

  7. #7
    Sencha - Community Support Team JeffHowden's Avatar
    Join Date
    Mar 2007
    Location
    Forest Grove, OR
    Posts
    1,038
    Vote Rating
    1
    JeffHowden is on a distinguished road

      0  

    Default


    There's nothing particularly special or groundbreaking about the multi-iframe technique detailed in that paper. It still relies on all parties properly setting the document.domain to the same domain value. This simply isn't doable without nearly having source control of both ends of the transaction.

    The only reason for the multi-iframe approach is to keep the untrusted page from accessing things at the top-level that it shouldn't have access to. However, as both parties have to set the same document.domain setting, how untrusted is the other party really?

    For truly untrusted sites where you can't set document.domain, you're stuck with on solution.
    Jeff Howden
    Ext JS - Support Team Volunteer
    jeff@extjs.com

    Any and all code samples that are authored by me and posted on the Ext forums or website are hereby released into the public domain and I release anyone or entity of liability by using said code samples unless explicitly stated otherwise.

    Opinions are mine and not necessarily endorsed by Ext, LLC. Please do not contact me directly for assistance unless requested by me.