Ajax - Cross site scripting (XSS)

Questions

I am loading content from another page and, depending on the content of that page, changing the content of my page, and this is giving me cross site scripting issues.

    • When I use an iframe, since the content is from another domain, the content of the iframe becomes inaccessible.
    • When I use ajax and try to inject the content as plain HTML code, the XMLHttpRequest object throws a permission denied exception due to cross site scripting.
    • When I use JSONP, such as getJSON in jQuery, it only supports GET protocol and it is not adequate for further processing.

I wonder what other options I can try. Heard that DOJO, GWT, Adobe Air do some XSS, but don't know which one is the best.

Thanks, Ebe.

Answers

Without JSON-P, your only option is to run a proxy script on your own server that fetches the content from the external site and pipes it back to the browser.

The browser fetches the content from the script on your server, hence no cross-domain issues, but the script on your server dynamically fetches it from the external site.

http://www.daniweb.com/code/snippet494.html
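
A sketch of the proxy script the answer describes, written for Node.js; this is an added example, not code from the original answer or from the linked snippet. It forwards only to an allowlist of upstream hosts so the endpoint cannot be used to reach arbitrary or internal addresses. The /proxy path, the url parameter, ALLOWED_HOSTS and the PROXY_PORT variable are assumptions made for illustration.

```javascript
// Added example: same-origin fetch proxy with an upstream allowlist.
// ALLOWED_HOSTS is a constructed sample value; list the external sites you trust.
const ALLOWED_HOSTS = new Set(['www.example.com']);

// Validate the requested upstream URL; returns a URL object or null.
function resolveUpstream(raw) {
  let url;
  try { url = new URL(raw); } catch { return null; }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return null;
  if (url.username || url.password) return null;   // no credentials in the URL
  if (url.port !== '') return null;                 // default ports only
  if (!ALLOWED_HOSTS.has(url.hostname)) return null; // exact host match
  return url;
}

// Browser calls /proxy?url=... on our own origin; we fetch server-side.
async function handle(req, res) {
  const reqUrl = new URL(req.url, 'http://localhost');
  const upstream = reqUrl.pathname === '/proxy'
    ? resolveUpstream(reqUrl.searchParams.get('url') || '')
    : null;
  if (!upstream) {
    res.writeHead(400, { 'Content-Type': 'text/plain' });
    res.end('upstream not allowed');
    return;
  }
  try {
    // redirect: 'error' stops an allowed host from bouncing us elsewhere.
    const r = await fetch(upstream, { redirect: 'error', signal: AbortSignal.timeout(5000) });
    const body = await r.text();
    // Returned as text so the remote markup is never rendered directly in
    // our origin; the calling page decides what to do with it.
    res.writeHead(r.status, {
      'Content-Type': 'text/plain; charset=utf-8',
      'X-Content-Type-Options': 'nosniff',
    });
    res.end(body);
  } catch {
    res.writeHead(502, { 'Content-Type': 'text/plain' });
    res.end('upstream fetch failed');
  }
}

async function startProxy(port) {
  const http = await import('node:http');
  return http.createServer(handle).listen(port, '127.0.0.1');
}

// Start only when a port is configured, e.g. PROXY_PORT=8080 node proxy.js
if (process.env.PROXY_PORT) startProxy(Number(process.env.PROXY_PORT));
```

The page then requests /proxy?url=... from its own origin and treats the returned text as untrusted input before inserting any of it into the DOM.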

Source

License : cc by-sa 3.0

http://stackoverflow.com/questions/1240546/cross-site-scriptingxss
