parse xml in an iframe

I want to be able access an rss feed from js. I have the ability to configure both servers to use the same domain (but different subdomains - eg static.benanderson.us and tech.benanderson.us). I was hoping I could use the document.domain property to get around the xss issue. Here's a snippet http://static.benanderson.us/example.js (not actually live):

document.domain = 'benanderson.us'; new Ajax.Request('http://tech.benanderson.us/feeds/posts/default', { \\error

However, that doesn't work. I couldn't find out if document.domain works for xhr requests, so I bagged that and switched to an iframe solution because I've done something similar in the past.

$('my_iframe').src='http://tech.benanderson.us/feeds/posts/default'; Event.observe($('my_iframe'), 'load', function() { try { log(this.contentDocument); //this displays just fine var entries = this.contentDocument.getElementsByTagName('entry'); //error

The weird thing is that I can view this.contentDocument in firebug, however it's the getElementsByTagName that errors with a "permission denied..." message.

Any thoughts on how to get either of these solutions to work would be awesome. I know I could do a proxy - that's not what I'm interested in.


This doesn't speak to the JS technicalities at all, but as a workaround, you could set up a server-side script on the same subdomain that just fetches what you need from the other subdomain.


apparently there is no way to do exactly this. Howver, I was able to come up with a decent solution. The rss xml is coming from blogger (tech.benanderson.us). So I added a javascript function there that could make the xhr to the rss. Then this javascript sets it's document.domain to benanderson.us and makes a callback. To sum up:


Event.observe(window, 'load', function() { document.domain = 'benanderson.us'; $('my_iframe').src='http://tech.benanderson.us/2001/01/js.html'; }); function renderFeed(feedXml) { ...


var url = 'http://tech.benanderson.us/feeds/posts/default'; new Ajax.Request(url, { method: 'get', onSuccess: function(response) { document.domain = 'benanderson.us'; top.renderFeed(response.responseXML); } });


You cant do that, it is not allowed by same origin policy

You can only set document.domain to the superdomain of the current domain, you do that but the same origin policy has to match the whole domain name that it is allowed (tech.benanderson.us != benanderson.us)


The problem is that document.domain needs to be set to benanderson.us both on the page loading the iframe and the page in the iframe. That gets a bit stupid in this case since you can't just put javascript into a rss feed, so you'll probably have to make some kind of gateway page on the same subdomain to load that page in a frame for you. Here's a lazy example of that:

<html> <frameset onload="document.domain='benanderson.us';window.frames['content_frame'].location=location.href.split('?request=')[1]"> <frame name=content_frame onload="window.frames['content_frame'].document.domain='benanderson.us'"> </frameset> </html>

So, assuming we call this "gateway.html" and you put this someplace inside the tech.benanderson.us subdomain, you would go "gateway.html?request=http://tech.benanderson.us/feeds/posts/default" So, in this case, you would have to reference it through window.frames["my_frame"].window.frames["content_frame"] and you should get it.

NOTE: I haven't tested this code.


Following is an actually working code, parseXML is my wrapper around DOMXML, therefore, instead of that you can use window.frames["internal"].document as XML object. This works in Firefox and Opera. "this" does not work because "this" is iFrame "Element" not a frame. Sorry about language, but you will get the idea.

document.getElementById("internal").onload=function() { //wrap xml for easy usage var ret=parseXML(window.frames["internal"].document); //show what happened showResult(ret, [ new DataPair("başlık", "Eklenti Ekle"), new DataPair("nesne" , "Eklenti") ]); //no error if(ret.findNodeValue("error")=="no") { //close eklentiEkleKapat(); //Protection from refresh document.getElementById("internal").onload=function() {} window.frames["internal"].location.href="about:blank"; //activate attachments tab tab_eklentiler.activate(true); } } //I actually use a form to post here document.getElementById("internal").location.href="target.php";


  • Replacing accents w/ their counterparts in AS3
  • Are there any fluent WPF projects? [closed]
  • Simple Injector fails if using verify before setting dependency resolver for MVC 4
  • Deployments not visible in Kubernetes Dashboard
  • MySQL multiple IN conditions to subquery with same table
  • C# 4 and CLR Compatibility
  • Want to save selected (i.e., more than 1) enums as string with NHibernate
  • maven jboss-as:start A required class was missing … org/sonaty…/ArtifactResolutionException
  • CSS how to fix an element to scroll horizontally with the page but not vertically?
  • How to synchronize two scrollview in Android?
  • Send emails through VB6 if no email client
  • auth.provider is not set to 'password' when user signs-in with email and password
  • php is_file always return false
  • PHP multiple file uploads
  • Merge Module leaving files during uninstall
  • how to populate a SQLite database and use that database in phonegap?
  • Can my PDF ping my server when it is opened?
  • HttpURLConnection.getOutputStream() takes 20 seconds. Why?
  • How to retrieve information from antrun back to maven?
  • Retrieve IP address of device
  • Creating a DropDownList
  • cygwin cannot exec 'git-add--interactive' permission denied
  • Authentication in Play! and RestEasy
  • How to revert to previous XCode version?
  • Get history of file changes from TFS to implement custom “blame”-behaviour of exceptions
  • Android activity accessing service's static reference before the service is ready
  • How to match http request and response using Jersey ContainerRequestFilter and ContainerResponseFilt
  • Make VS2015 use angular-cli ng at build time in a .NET project
  • How to set ini file attributes during an Inno install
  • NHibernate Validation Localization with S#arp Architecture
  • How can I send an e-mail from a vbs script
  • Accessing IRQ description array within a module and displaying action names
  • How would I use PHP exceptions to define a redirect?
  • ILMerge & Keep Assembly Name
  • Where to put my custom functions in Wordpress?
  • Apache 2.4 - remove | delete | uninstall
  • Numpy divide by zero. Why?
  • Unit Testing MVC Web Application in Visual Studio and Problem with QTAgent
  • Getting Messege Twice Using IMvxMessenger
  • Converting MP3 duration time