cURL in javascript?

Hi All!
Is there any method/functionality in Javascript by which one can call remote server(script) , just like CURL in PHP?

Do you need to read the response data, or just send data?
Is the domain different? If so, do you have the ability to host a script on the other domain?

1)I have to read the remote page data from my script.
2)My script code can be put in any page of any domain(copy-paste),including mine.
3)I needed a javascript code/functionality/resource and not a server side script to accomplish this task.

#2 can be accomplished by hosting a .js file on your server, and then directing other sites to include it with a script tag.

#1 is a problem since, Ajax calls can only be made to URLs within the same domain.

#3 - well it depends what you want JavaScript to do…

#1 can be overcome, using the same technique as #2: if you have control over the ‘remote data’ you can serve it as a JavaScript source file.

The only way to read a remote site from JavaScript is with the assistance of a server side script on your own domain to act as an intermediary. The JavaScript calls the intermediary which calls the remote site. JavaScript can’t access a domain different from the page it is currently loaded in.

Cross site XMLHttpRequests will be in browsers soon.

However, at the moment, the only reliable cross site http requests in browser javascript is through including a javascript file.

You can actually include a file from a remote server, thus you can have a proxy on a remote server as opposed to adding extra load to your own server.

For example, you can create a Yahoo Pipe, that will take RSS feeds, and return it as JSON. Include that as a JavaScript file, and you have achieved a cross site HTTP.

Other options:

There is an implementation here that converts XML to JSON.

Here is one I set up, with a JS library, that can request any webpage and return XML, or the content as a string if it can’t be parsed as XML.

Another option is using Flash, but is isn’t as supported as JavaScript. This will however require that each page you request has a cross-domain policy file that allows your domain to request it.

I am thinking of using JSON.But I’ve no idea on how to get started?
Tips and ideas and resources are highly appreciated.

Cross site XMLHttpRequests will be in browsers soon.

Does “soon” mean anything special over at Microsoft?

Search cross domain javascript.

Soon in that context means before the next century starts.

Actually I can think of no reason why browsers would rush to implement a security hole like that when they have previously gone to so much trouble to block that hole as it was being exploited and would be again were it to be reopened.

Soon means in the near future, so keep it in mind. Browsers are updating a lot faster then they used to. Users are also updating their browsers a lot faster then they used to.

Cross domain access is not a security hole.

Thats like saying the web is a security hole because you can fire up a browser and view a website that may put malicious software on your computer. Thus you should eliminate the creation of a browser or the web.

Cross domain access is opt in. You will have to specifically enable access to your domain from another domain, to use it. No other domains will be able to access it. It is similar to how you enable cross domain policy files in flash or, how you allocate MX records for another domain to receive and transfer mail on your behalf. These are secure and very beneficial standards.

This is not the same as unauthorized XSS, which is a security hole that will be here till the next century, long after cross domain access is a common feature of the browser.

That still only means it will work if the other site grants permission (which they could easily do now by hosting your JavaScript file). The server side intermediary allows the remote access even without the remote site giving permission.

I am thinking of using JSON.But I’ve no idea on how to get started?
Tips and ideas and resources are highly appreciated.

JavaScript can convert JSON natively since it is a subset of JS. However, this sin’t recommended for untrusted resources.


For converting the JSON string into JavaScript objects.

If you’re using a common JS library, it will usually have this built in.

True. But with hosting a javascript file both the remote site and local site are putting themselves at risk of cross site scripting with current <script> includes.

The cross site requests will actually solve a huge part of the security issue, since you can request any content type, not just javascript from an remote host. For example, it is harder to put an XSS attack in XML or HTML then directly in JavaScript.