I want to send request parameters to other domain
I already know that Cross Scripting needs JsonP and I have used JsonP with Jquery ajax
but i do not figure out how to do Cross Scripting as using XMLHttpRequest
following code my basic XMLHttpRequest code.
i guess i need to chage xhr.setRequestHeader()
and i have to add parsing code
please give me any idea
var xhr; function createXMLHttpRequest(){ if(window.AtiveXObject){ xhr = new ActiveXObject("Microsoft.XMLHTTP"); }else{ xhr = new XMLHttpRequest(); } var url = "http://www.helloword.com"; } function openRequest(){ createXMLHttpRequest(); xhr.onreadystatechange = getdata; xhr.open("POST",url,true); xhr.setRequestHeader("Content-Type",'application/x-www-form-urlencoded'); xhr.send(data); } function getdata(){ if(xhr.readyState==4){ if(xhr.status==200){ var txt = xhr.responseText; alert(txt); } } }
JSONP does not use the XMLHttpRequest object.
JSONP enables sharing of data bypassing same-origin policy, which disallows running JavaScript code to read media DOM elements or XMLHttpRequest data fetched from outside the page's originating site.
Method to use JSONP:In HTML code, include the script tag. The source of this script tag will be the URL from where the data to be retrieve. The web services allow to specify a callback function. In the URL include the callback parameter in the end.
JSONP is not actually JSON with padding, it's Javascript code that's executed. JSON is not a real subset of Javascript and the way it is not is important to us: via UTFGrid, we are all UTF-8 masters. JSONP is not safe: it's Javascript that's executed. It's trivial to XSS with JSONP, because JSONP is XSS.
JSONP does not use XMLHttpRequests.
The reason JSONP is used is to overcome cross-origin restrictions of XHRs.
Instead, the data is retrieved via a script.
function jsonp(url, callback) { var callbackName = 'jsonp_callback_' + Math.round(100000 * Math.random()); window[callbackName] = function(data) { delete window[callbackName]; document.body.removeChild(script); callback(data); }; var script = document.createElement('script'); script.src = url + (url.indexOf('?') >= 0 ? '&' : '?') + 'callback=' + callbackName; document.body.appendChild(script); } jsonp('http://www.helloword.com', function(data) { alert(data); });
In interest of simplicity, this does not include error handling if the request fails. Use script.onerror
if you need that.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With