HTML / Javascript file system application security issue

I am compiling a small tool that some businessmen can run on their local file systems, because we do not want to set a host for it.

Basically, it's just HTML + JavaScript (using jQuery) that pulls some reports using REST from a third party.

The problem is that FF3 and IE do not allow the AJAX call. I get:

"Access to restricted URI denied" code: "1012"

Obviously this is an XSS problem ... how do I get around it? The returned data is in XML format.

I tried to do it like this:

$.get(productUrl, function (data){
    alert (data);
});

EDIT: To be clear ... I am not setting up an internal host for this (the path to multiple tape), and we CANNOT accept it from the outside due to the data being retrieved.

EDIT # 2: , IFRAME . - , IFRAME?

+3
3

Mark Of The Web, HTML, IE . .

: MSDN

+2

Python, - ,

python -c "import SimpleHTTPServer;SimpleHTTPServer.test()"

: , , .

-1
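An added example, not part of the original answer: a Python 3 version of the local-server idea that binds to 127.0.0.1 only (the `SimpleHTTPServer.test()` one-liner listens on all interfaces) and relays `/api/*` to a single configured upstream, so the page's `$.get` can use a same-origin relative URL. The `/api/` prefix and the names `ToolHandler` and `make_server` are assumptions made for this example.

```python
import functools
import http.server
import sys
import urllib.request


class ToolHandler(http.server.SimpleHTTPRequestHandler):
    """Serves the tool's static files and relays /api/* to one fixed upstream."""

    upstream = ""  # overridden per server in make_server()

    def do_GET(self):
        if not self.path.startswith("/api/"):
            return super().do_GET()  # index.html, jQuery, ... from the directory
        # The relayed part always starts with "/", so a request cannot change
        # the upstream host: this relays to one service, it is not an open proxy.
        url = self.upstream + self.path[len("/api"):]
        try:
            with urllib.request.urlopen(url, timeout=10) as resp:
                body = resp.read()
                ctype = resp.headers.get("Content-Type", "application/xml")
        except OSError:  # URLError/HTTPError and socket timeouts are OSErrors
            self.send_error(502, "Upstream request failed")
            return
        self.send_response(200)
        self.send_header("Content-Type", ctype)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


def make_server(directory, upstream, port=0):
    """Return a server bound to 127.0.0.1 only; port 0 picks a free port."""
    bound = type("BoundHandler", (ToolHandler,), {"upstream": upstream.rstrip("/")})
    handler = functools.partial(bound, directory=directory)
    # ("127.0.0.1", port) instead of ("", port): not reachable from the network.
    return http.server.ThreadingHTTPServer(("127.0.0.1", port), handler)


if __name__ == "__main__":
    # Usage (assumed): python tool_server.py <directory> <upstream base URL>
    server = make_server(sys.argv[1], sys.argv[2], port=8000)
    print("Open http://127.0.0.1:%d/index.html" % server.server_address[1])
    server.serve_forever()
```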

, ? , . , script, ( XML). JavaScript ​​ . AJAX script. JSONP. .

.

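<script>
    // Called by the script the server returns, with the XML passed as a string.
    function callback(str) {
        alert(str);
    }
    // Loads the remote resource through a <script> element instead of XMLHttpRequest.
    function makeRequest(param) {
        var s = document.createElement('script');
        s.src = 'http://serveranywhere/script.bla?' + param;
        document.getElementsByTagName('head')[0].appendChild(s);
    }
</script>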

callback('<xml><that><does><something></something></does></that></xml>');

, script, , . jQuery , JSONP $.ajax. , .

-1

Source: https://habr.com/ru/post/1697827/

