Immo Huneke wrote: A well written article, an ingenious solution to a real problem often encountere...
Jan. 6, 2009 08:14 AM
|
 |
 |
|
|
|
YOUR FEEDBACK
Did you read today's front page stories & breaking news?
SYS-CON.TV
|
TOP THREE LINKS YOU MUST CLICK ON Commentaries Cross-Domain JSON with Silverlight Avoids crossdomain.xml Restriction
One of Silverlight’s advantages over Flash is the relatively effortless interop with AJAX
By: Joshua Allen
Dec. 4, 2008 11:15 AM
Joshua Allen's Blog If you’re doing pure AJAX, you can get around these cross-domain restrictions by using JSON. One of Silverlight’s advantages over Flash is the relatively effortless interop with AJAX. The other day, I needed to mash up some JSON data from various sites, and found it pretty easy to use AJAX to circumvent the crossdomain.xml restriction. In the next month or two, my team will release a simple library to make this generic, but in the meantime here is an explanation for anyone who is blocked: Step 1: Call into JavaScript from Silverlight, passing the URL of the JSON API: HtmlPage.Window.Invoke("injectScript", url); Step 2: The JavaScript Function “injectScript” looks like this: function injectScript(url) {
var head = document.getElementsByTagName(‘head’)[0];
var script = document.createElement(’script’);
script.type = ‘text/javascript’;
script.src = url;
head.appendChild(script);
};
Step 3: Have the JSON script call back to a function in your page called “callback”: function callback(obj) {
var silverlight = document.getElementById("silverlight");
if (silverlight) {
silverlight.Content.Page.PassData(JSON.stringify(obj));
}
}; Step 4: The callback() JavaScript function passes the data into Silverlight, where it is loaded into a JsonObject: [ScriptableMember]
public void PassData(string data)
{
JsonObject data = … }
IMO, this code is cleaner and faster than the standard technique of creating a “WebRequest” from Silverlight. And of course, a WebRequest will fail if the crossdomain.xml is missing.
So, is this a security hole? No! All web browsers on the planet allow cross-domain access to JSON, and if JsonObject.Parse had a “url” parameter, we presumably wouldn’t need to check for crossdomain.xml. The current restrictions in Silverlight undoubtedly result from the fact that WebRequest doesn’t know whether its result is intended for Json, XML (which all web browsers restrict by default), or something else.
YOUR FEEDBACK
LATEST AJAXWORLD RIA STORIES
SUBSCRIBE TO THE WORLD'S MOST POWERFUL NEWSLETTERS SUBSCRIBE TO OUR RSS FEEDS & GET YOUR SYS-CON NEWS LIVE!
|
SYS-CON FEATURED WHITEPAPERS MOST READ THIS WEEK |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
| | | | | | | | |
|
|
|
|
|
|
| | | | | | | | | | | | | | | | |
|
|
| SYS-CON MEDIA: | | | | |
| SYS-CON EVENTS: | | | | | |
| INTERNATIONAL SITES: | | | | | | | | | | |
 |
Terms of Use & Our Privacy Statement  About Newsfeeds / Video Feeds |
| Copyright ©1994-2008 SYS-CON Publications, Inc. All Rights Reserved. All marks are trademarks of SYS-CON Media. |
| Reproduction in whole or in part in any form or medium without express written permission of SYS-CON Publications, Inc. is prohibited. |
.gif)
Let’s face it - 2008 was a real slog. Even the most wide-eyed optimist would agree that this was one year whose end was long overdue. Of course, ringing in the New Year doesn’t somehow wash away what has become a fairly deep recession, but it does symbolize the fresh start th...
