Pregolia javascript test

Written by Walter

Together with Mooby we just finished a javascript to show
a table with upcoming conferences on his new academic comunity site called pregolia.

What we wanted to do is use xmlhttp to generate a table with upcoming conferences. This by inserting the following tags. :
<script type="text/javascript">pregolia_user = "aliekens";
</script>
<script type="text/javascript" src="http://beta.pregolia.com/javascripts/conference_deadlines.js"/>

Inserting the above two lines in your own page would generate a html table
with your upcoming conferences right in your own page (much like google adds).

Everything was working fine when we tested it locally but when we
tried it out in production on our webserver (nerdhero.org) we bumped into this problem
cross-site xmlhttp request
is not allowed anymore due to security issues.

Basically the cross site xmlhttp requests are great for pregolia but also a security hole (hackers can use it to retreive information from foreign sites and even webmail services). So it was turned off, upcoming firefox will allow it again (ofcourse with some restrictions).

For now we are stuck though and need to reimplement the whole thing using JSON which does allow cross site & cross domain requests (because it is read only which less of a threat they say but IMHO its just as dangerous if used by a clever enough person. Anyways with json we will be able to get the pregolia feature working. IMHO they should have just closed the nasty stuff in xmlhttp for cross site instead of completely blocking it and that is just what the new firefox 3 browser will implement :). But it will be years before IE will do it probably so JSON is our best bet for now.




Back to archive