Best Practice: Legitimate Cross-Site Scripting

攒了一身酷 2020-12-24 13:46

While cross-site scripting is generally regarded as negative, I've run into several situations where it's necessary.

I was recently working within the confines of

5 Answers
  • 2020-12-24 14:13

    I've come across that YDN server side proxy script before. It says it's built to work with Yahoo's Search APIs.

    Will it work with any domain, if you simply trim the Yahoo API code out? Or do you need to replace it with the domain you want it to work with?

  • 2020-12-24 14:18

    You could try easyXDM. By including very little code, you can pass data or method calls between documents of different domains.

  • 2020-12-24 14:20

    iframe remote content can be accessed by local JavaScript.

    The remote server just has to set the document.domain of the page.

    E.g.:

    Site A contains an iframe with src='Site B/home.php'

    home.php looks like this :

    [php stuff]...[/php]
    [script type='text/javascript']document.domain='Site A'[/script]
    
  • 2020-12-24 14:21

    You've got three choices:

    1. Create a server side proxy script.
    2. Create a remote script to read in remote dynamic HTML. Use a library like jQuery to make this easier. You can use the load function to inject HTML where needed. EDIT What I originally meant for example # 2 was utilizing JSONP, which requires the server side script to recognize the "callback=?" param.

    3. Use a client side Flash proxy and set up a crossdomain.xml file on your server's web root.

  • 2020-12-24 14:34

    Personally, I would call to that other domain on the server and get and parse the data there for use in your page. That way you avoid any problems and you get the power of a server-side language/platform for getting and parsing the data.

    Not sure if that would work for your specific scenario...hard to know even with your verbose description...

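Several answers above recommend a server-side proxy, and one asks whether such a script would work with any domain. The following is an added example, not code from the thread or from the YDN script: a Node.js destination check that keeps a proxy endpoint tied to a fixed set of hosts instead of forwarding to whatever URL the caller supplies. The names `ALLOWED_HOSTS`, `checkProxyTarget` and `proxyFetch` and the `partner.example` hosts are assumptions made for illustration.

```javascript
// Added example (hypothetical names, constructed hosts): restrict a
// server-side proxy to known upstream hosts so it cannot be used as an open relay.
const ALLOWED_HOSTS = new Set(["api.partner.example", "feeds.partner.example"]);

function checkProxyTarget(rawUrl, allowedHosts = ALLOWED_HOSTS) {
  let url;
  try {
    url = new URL(rawUrl); // absolute URLs only; relative or scheme-less input throws
  } catch {
    return { ok: false, reason: "not an absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "scheme not allowed" };
  }
  // Userinfo makes a URL look like it points at the text before "@",
  // while the request actually goes to the host after it.
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "credentials in URL" };
  }
  // The parser reports the default port (443) as "", so any value here is non-default.
  if (url.port !== "") {
    return { ok: false, reason: "port not allowed" };
  }
  // Exact match on the parsed, lowercased hostname: no substring or suffix tests.
  if (!allowedHosts.has(url.hostname)) {
    return { ok: false, reason: "host not on allowlist" };
  }
  url.hash = ""; // fragments are never sent upstream
  return { ok: true, target: url.href };
}

// Sketch of the proxy call itself (Node 18+ global fetch).
async function proxyFetch(rawUrl) {
  const check = checkProxyTarget(rawUrl);
  if (!check.ok) return { status: 400, body: check.reason };
  // redirect: "manual" so a 3xx from an allowed host cannot move the request elsewhere.
  const res = await fetch(check.target, { redirect: "manual" });
  if (res.status >= 300 && res.status < 400) {
    return { status: 502, body: "redirect refused" };
  }
  return { status: res.status, body: await res.text() };
}
```

The allowlist lives on the server, so the caller's input only selects among hosts the site already trusts.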