most javascript browsers generation 3 and over support the
<script src="http://..."></script>
among some nice tricks are the ones you can make by using this is having the
javascript included file do one or more 'document.write("watever here")', which
will fall exactly where you placed the <script tag.
This php class, and the associated example, will let you include page served from
anywhere in any javascript enabled browsers, and it works also if you open the
including page as a file on the filesystem
It is universal in the sense that it lets the included file
be anywhere, but it will not include 'any' file. If you want to use
it to include external pages, clean HTML works best.
Of course, it will javascriptize php pages dynamically generated
from a php enabled webserver
-It enables serving 'inclusions' as banners, news etc. to pages hosted
anywhere, even on the filesystem, or on pages on servers that do not
have php installed
-It enables appending more external pages to a single document.
-It enables, in conjunction with phplib for example
(see : http://lists.netuse.de//phplib/0001/0348.html), remote session
tracking.
-It can enable, with some extra parameter, the conditional inclusion
One thing to notice is that this 'alien written' piece of javascript or html, with
regards to cookies, has a whole new header and cookie restrictions
apply as a different domain.
Let me know what you think...
Giancarlo
ping@alt.it
More findings about the way it works:
-The included document, if not filtered, ha so be somewhat tidy and consistent,
not frameset, nor containing conflicting or external referencing javascript itself etc.
All relative paths in the included page will obviously be seen as local
-pages that contain Javascript themselves seem to mess up.
-what happens on timouts? would be good to use fgets with a time limit.
-filters? tidy makes a good filter: http://www.w3.org/People/Raggett/tidy/
WARNINGS
/* as of now I simply get the url */
/* you can invent more practical/blocking ways to pass the handle*/
/* and of course you'll want to add some restriction here,
as it is it can download anything from you filesystem
as well, password files etc.
it is recomended that you don't leave this to the public
access as it is. Use it to mediate between some php output
you generate yourself and can control, this is just an
example to start playing
*/
WARN !!
cert advisory alert against malicious HTML tags, in particular SCRIPTS
so is definitely better if you know what you have
http://www.cert.org/advisories/CA-2000-02.html
|