F
Florian Leitner
Hello,
currently I am trying to figure a solution to the XSS security in
JavaScript when I want to use webservices:
My goal is to build a webpage that makes a SOAP call on the client side
to fetch data from another domain, and mix this data with annotations
our domain will provide. The important point is that the SOAP request to
the other domain has to come from the client, as the number of requests
per day is limited and the policy of their service does not allow the
distribution of their data by third parties, therefor the clients have
to fetch the data "by themselves". As the XmlHttpRequest can only be
used on the original domain, the best workaround I can imagine so far is
to add a Java Applet which will run the SOAP request and then access the
data using document.myApplet.getSOAPResultData()
Is this the only way to circumvent this problem? Could I somehow
propagate the request to the SOAP server without making the SOAP server
register my IP as the client IP, but the IP of my clients (because of
the daily limit; using a proxy would make the server register my IP
versus the daily limit, no?).
Any hints or links on how to call cross-domain webservices in JS are
welcome! Thanks.
-Florian
currently I am trying to figure a solution to the XSS security in
JavaScript when I want to use webservices:
My goal is to build a webpage that makes a SOAP call on the client side
to fetch data from another domain, and mix this data with annotations
our domain will provide. The important point is that the SOAP request to
the other domain has to come from the client, as the number of requests
per day is limited and the policy of their service does not allow the
distribution of their data by third parties, therefor the clients have
to fetch the data "by themselves". As the XmlHttpRequest can only be
used on the original domain, the best workaround I can imagine so far is
to add a Java Applet which will run the SOAP request and then access the
data using document.myApplet.getSOAPResultData()
Is this the only way to circumvent this problem? Could I somehow
propagate the request to the SOAP server without making the SOAP server
register my IP as the client IP, but the IP of my clients (because of
the daily limit; using a proxy would make the server register my IP
versus the daily limit, no?).
Any hints or links on how to call cross-domain webservices in JS are
welcome! Thanks.
-Florian