There is a service I'm using which allows me to add Javascript to their pages in a sandboxed iFrame. However, obviously, browsers are not allowing us to read data from the parent document.
So I was wondering if it's possible to listen to a specific Ajax call from inside that iFrame (the Ajax call will be made from the parent document)? Can we somehow see what XMLHTTP requests are being sent?
Ideally with vanilla Javascript.
Related
Are the responses/payloads of previously made HTTP requests accessible programmatically via Javascript?
I’d like know, if in the same way hackers can use XSS to access cookies/localStorage stores in the browser, can they access data from previously made HTTP requests (since the browser DevTools has the previous requests listed and visible in the network tab).
They are only accessible if code runs before or during the request that programatically saves the response. For example, one could overwrite window.fetch and save (but pass through) all requests and responses, or do the same for XMLHttpRequest, or save the result of a request normally inside a .then or in an onload handler.
Devtools does have access to prior requests, but devtools has access to many things that can't be done via JavaScript - this is one of them.
Is there a way to convince window.postMessage (https://developer.mozilla.org/en/DOM/window.postMessage) make a POST and not a GET? Probably not, although I couldn't find this limitation in the docs.
postMessage does not (and cannot) make any kind of HTTP request. It causes a message event to be fired in the JavaScript environment of the target window.
JavaScript in the document loaded in the target window might respond to the event by doing something that triggers an HTTP request, but that is specific to the code in that page.
I am writing an app using requireJS and the text.js extension. I now have a bunch of unstyled html templates that get their style once they are loaded into the parent template. Everything works fine. The only issue I have is that users can technically visit the url of the template and see an unstyled html page. Is there anyway to detect that these requests come from an AJAX request invoked by javascript vs a request that came directly from the user using a browser?
Is there anyway to detect that these requests come from an AJAX
request invoked by javascript vs a request that came directly from the
user using a browser?
It depends on how you are making the AJAX requests but most frameworks add some custom header. For example jQuery adds the X-Requested-With: XMLHttpRequest request header on each AJAX request. This header can be used on the server to determine whether it was an AJAX request or not. And if the framework you are using to make an AJAX request doesn't add any custom headers you could add one manually yourself.
I want to use javascript to open one text file in child window, and then read the content to the parent window. How to implement it?
The code like below, if the data.xml is not HTML page, how to get the content to the parent window through javascript?
function op() {
win = window.open("http://xxx.bb.com/data.xml", "win", "width=200,height=200")
}
You have already tried XmlHttpRequest and fallen foul of the cross-domain restriction. A web page (and code contained in it) can only manipulate data or elements of another if both pages are in the same domain. You will run into the same cross-domain restriction with two windows.
The correct method is to use XmlHttpRequest but ensure that the target of that request is in your domain. That will probably involve the creation of a proxy script on your server which can serve pages or data from other domains. Your page requests your script to get the external data; the script gets the data and serves it. Because the script in your domain, the data appears to come from your domain and it's not subject to cross-domain restrictions.
Simple PHP proxy script
If the data you are attempting to get at is not yours, you should really ask permission to deal with it or republish it. Are web developers allowed to scrape html content? (The accepted answer is not the best answer)
I have started working on JavaScript. I want to count the number of frames/anchors on yahoo homepage without opening it(means I don't want to load the page in another window or frame). I didn't find a proper solution for this without using AJAX.Can't we create a document object referring to remote page?
As I am using JavaScript without any framework, can someone guide me how to do this?
You have very few options if you're working on the client side only. This is primarily because you'll be dealing with the dreaded, but necessary, cross-domain policy. However, even if you don't have cross scripting issues, it won't be possible to accomplish this without AJAX. You'll need to make a request to a server for the page's HTML somehow. I would suggest taking a look at YQL as it appears to solve the cross-domain issue.
You'll have to execute an HTTP request to get the HTML string to feed into a DOM object. AJAX is the easiest way to do that, why do you want to avoid AJAX?
In plain old Java you can create a DocumentBuilder and source a document with a URL, but I don't believe this is available in javascript.