AJAX In Action [260]
This window shows the RSS
feeder being paused since
the center button is now
labeled RESUME.
Licensed to jonathan zheng 534 CHAPTER 13 Building stand-alone applications with Ajax have created, the RSS viewer allows us to read the feeds from our desktops without visiting the individual websites that host the feeds. 13.6 Avoiding the project’s restrictions With the Ajax-based RSS syndication feed reader that we have developed, we are able to view RSS feeds from an HTML file stored on the desktop with no serverside code required. We can use this application to grab the RSS feeds we read without having to go to the websites. We may want to offer this page as a download for the users on our websites. We can set it up to read our site’s RSS feeds. Because we can run this script on our website too, we can use it for other things as well. One use can be a banner ad rotator, a company news banner, or anything else we can think of. But there are some limitations to what this script can do, and we may have trouble running this application with Mozilla on our desktop. 13.6.1 Overcoming Mozilla’s security restriction Unlike Microsoft Internet Explorer, Firefox and Mozilla cannot execute the application from our desktop due to security restrictions. The security restrictions keep Ajax from communicating from our desktop to other websites since they want to protect us from having code send information without our knowledge. To verify that this is the problem with the Ajax script, we need to look for an error message. In Mozilla, we need to open up the JavaScript Console. The JavaScript console is located under Tools > Web Development > JavaScript Console (figure 13.12). When we click on the JavaScript Console menu option, another window opens (figure 13.13). Figure 13.12 In Mozilla, choose Tools > Web Development > JavaScript Console. Licensed to jonathan zheng Avoiding the project’s restrictions 535 Figure 13.13 The permission denied error message caused by the XMLHttpRequest object In figure 13.13, we see a permission denied error caused by the XMLHttpRequest object. There are two ways to correct this. The first is to go into the configuration file of Mozilla and set the permission setting to allow the XMLHttpRequest object to perform its desired task. To do this, we type about:config into the address bar of the browser and adjust the setting, but that is not a safe procedure to perform. The reason it is not safe is that we are enabling it for anything that runs on our computer. That means any script that wants to talk to the outside world would be able to do so. How can we avoid this and allow only our Ajax application to talk to the outside? The solution is to set the security with JavaScript. We showed how to do this in chapter 7, provided the browser is configured to listen to programmatic requests to the Privilege Manager, but let’s recap briefly here. Listing 13.18 shows the generic code for enabling the additional privileges required to read external resources. Listing 13.18 Security Privilege Manager code if(window.netscape && window.netscape.security.PrivilegeManager.enablePrivilege) netscape.security.PrivilegeManager.enablePrivilege( 'UniversalBrowserRead'); In listing 13.18, we check if we can access the Privilege Manager. If we can, we enable the UniversalBrowserRead privilege. We need to add this code in two separate places inside our ContentLoader object that handles the Ajax functionality. The first place we need to add it is directly after the loadXMLDoc declaration, as shown in listing 13.19. Listing 13.19 Code placement for loadXMLDoc net.ContentLoader.prototype.loadXMLDoc = function( url,method,params,contentType){ if(window.netscape && window.netscape.security.PrivilegeManager.enablePrivilege) netscape.security.PrivilegeManager.enablePrivilege( 'UniversalBrowserRead'); Licensed