parse xml in an iframe

I want to be able access an rss feed from js. I have the ability to configure both servers to use the same domain (but different subdomains - eg and I was hoping I could use the document.domain property to get around the xss issue. Here's a snippet (not actually live):

document.domain = ''; new Ajax.Request('', { \\error

However, that doesn't work. I couldn't find out if document.domain works for xhr requests, so I bagged that and switched to an iframe solution because I've done something similar in the past.

$('my_iframe').src=''; Event.observe($('my_iframe'), 'load', function() { try { log(this.contentDocument); //this displays just fine var entries = this.contentDocument.getElementsByTagName('entry'); //error

The weird thing is that I can view this.contentDocument in firebug, however it's the getElementsByTagName that errors with a "permission denied..." message.

Any thoughts on how to get either of these solutions to work would be awesome. I know I could do a proxy - that's not what I'm interested in.


This doesn't speak to the JS technicalities at all, but as a workaround, you could set up a server-side script on the same subdomain that just fetches what you need from the other subdomain.


apparently there is no way to do exactly this. Howver, I was able to come up with a decent solution. The rss xml is coming from blogger ( So I added a javascript function there that could make the xhr to the rss. Then this javascript sets it's document.domain to and makes a callback. To sum up:

Event.observe(window, 'load', function() { document.domain = ''; $('my_iframe').src=''; }); function renderFeed(feedXml) { ...

var url = ''; new Ajax.Request(url, { method: 'get', onSuccess: function(response) { document.domain = ''; top.renderFeed(response.responseXML); } });


You cant do that, it is not allowed by same origin policy

You can only set document.domain to the superdomain of the current domain, you do that but the same origin policy has to match the whole domain name that it is allowed ( !=


The problem is that document.domain needs to be set to both on the page loading the iframe and the page in the iframe. That gets a bit stupid in this case since you can't just put javascript into a rss feed, so you'll probably have to make some kind of gateway page on the same subdomain to load that page in a frame for you. Here's a lazy example of that:

<html> <frameset onload="document.domain='';window.frames['content_frame'].location=location.href.split('?request=')[1]"> <frame name=content_frame onload="window.frames['content_frame'].document.domain=''"> </frameset> </html>

So, assuming we call this "gateway.html" and you put this someplace inside the subdomain, you would go "gateway.html?request=" So, in this case, you would have to reference it through window.frames["my_frame"].window.frames["content_frame"] and you should get it.

NOTE: I haven't tested this code.


Following is an actually working code, parseXML is my wrapper around DOMXML, therefore, instead of that you can use window.frames["internal"].document as XML object. This works in Firefox and Opera. "this" does not work because "this" is iFrame "Element" not a frame. Sorry about language, but you will get the idea.

document.getElementById("internal").onload=function() { //wrap xml for easy usage var ret=parseXML(window.frames["internal"].document); //show what happened showResult(ret, [ new DataPair("başlık", "Eklenti Ekle"), new DataPair("nesne" , "Eklenti") ]); //no error if(ret.findNodeValue("error")=="no") { //close eklentiEkleKapat(); //Protection from refresh document.getElementById("internal").onload=function() {} window.frames["internal"].location.href="about:blank"; //activate attachments tab tab_eklentiler.activate(true); } } //I actually use a form to post here document.getElementById("internal").location.href="target.php";

人吐槽 人点赞



用户名: 密码:
验证码: 匿名发表


查看评论:parse xml in an iframe