martes, 18 de enero de 2011

ajax cross domain

i need to do ajax cross site scripting

there are several technics, all with its limitations

* flash: needs security policy file in the target server

* javascript : needs security policy file in the target server

* cssHttpRequest ( works fine but it is considered a bug and it is fixed in new versions of some browsers like FF or webkit, so IMHO it is not recommended to use this in your products.

* using an iframe: it is tricky and didn't worked for me

* an approach like wirks very good, but the service offered by it's only for demo porpuses and very limited.

In this article I will examplain how to make your own service like for free:


file curl.php

$curl_url = $_GET["url"];
/*echo "url = " . $curl_url;*/
$curl_limit_size = 20000; /* ~20kb */
$curl_handle = curl_init($curl_url);
$data_string = "";

function write_function($handle, $data) {
global $data_string;
global $curl_limit_size;
$data_string .= $data;
if (strlen($data_string) > $curl_limit_size) {
return 0;
return strlen($data);

function escapeJavaScriptText($string) {
return str_replace("\n", '\n', str_replace('"', '\"', addcslashes(str_replace("\r", '', (string)$string), "\0..\37'\\")));

you can disable the code here ->

No hay comentarios: