Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

JavaScript XMLHttpRequest using JsonP

I want to send request parameters to other domain

I already know that Cross Scripting needs JsonP and I have used JsonP with Jquery ajax

but i do not figure out how to do Cross Scripting as using XMLHttpRequest

following code my basic XMLHttpRequest code.

i guess i need to chage xhr.setRequestHeader() and i have to add parsing code

please give me any idea

var xhr; function createXMLHttpRequest(){         if(window.AtiveXObject){         xhr = new ActiveXObject("Microsoft.XMLHTTP");     }else{         xhr = new XMLHttpRequest();     }        var url = "http://www.helloword.com";    }  function openRequest(){      createXMLHttpRequest();     xhr.onreadystatechange = getdata;     xhr.open("POST",url,true);     xhr.setRequestHeader("Content-Type",'application/x-www-form-urlencoded');     xhr.send(data);  }  function getdata(){     if(xhr.readyState==4){         if(xhr.status==200){             var txt = xhr.responseText;             alert(txt);         }     }    } 
like image 533
happenask Avatar asked Apr 01 '14 08:04

happenask


People also ask

Does JSONP use the XMLHttpRequest object?

JSONP does not use the XMLHttpRequest object.

Can JSONP execute JavaScript?

JSONP enables sharing of data bypassing same-origin policy, which disallows running JavaScript code to read media DOM elements or XMLHttpRequest data fetched from outside the page's originating site.

How do you call JSONP?

Method to use JSONP:In HTML code, include the script tag. The source of this script tag will be the URL from where the data to be retrieve. The web services allow to specify a callback function. In the URL include the callback parameter in the end.

Why is JSONP avoided?

JSONP is not actually JSON with padding, it's Javascript code that's executed. JSON is not a real subset of Javascript and the way it is not is important to us: via UTFGrid, we are all UTF-8 masters. JSONP is not safe: it's Javascript that's executed. It's trivial to XSS with JSONP, because JSONP is XSS.


1 Answers

JSONP does not use XMLHttpRequests.

The reason JSONP is used is to overcome cross-origin restrictions of XHRs.

Instead, the data is retrieved via a script.

function jsonp(url, callback) {     var callbackName = 'jsonp_callback_' + Math.round(100000 * Math.random());     window[callbackName] = function(data) {         delete window[callbackName];         document.body.removeChild(script);         callback(data);     };      var script = document.createElement('script');     script.src = url + (url.indexOf('?') >= 0 ? '&' : '?') + 'callback=' + callbackName;     document.body.appendChild(script); }  jsonp('http://www.helloword.com', function(data) {    alert(data); }); 

In interest of simplicity, this does not include error handling if the request fails. Use script.onerror if you need that.

like image 87
Paul Draper Avatar answered Sep 20 '22 16:09

Paul Draper