Under the covers it might be using a Script transport but that is not what I
intended. Here is the code I am using:
var rpc = new qx.io.remote.Request();
rpc.setResponseType('text/plain');
rpc.setUrl("http://www.solumina.com/webexpress/showme2.txt";);
rpc.setCrossDomain(true);
rpc.addEventListener('completed', function(e){
// this code never gets executed because the eval on the content
occurs first.
var s = e.getData().getContent();
mainWin.info(s);
})
rpc.send();
I can work around this instance by creating script in the txt file to do
some work, but for some other things I have in mind I simply want to get the
contents of a page/file on the web and then parse the contents. The file
will not contain executable code so it will cause an error if the transport
tries to execute it.
Thanks,
Jim
On 10/8/07, Andreas Junghans <[EMAIL PROTECTED]> wrote:
>
> Hi there,
>
> Am 08.10.2007 um 20:50 schrieb Derrell Lipman:
>
> > On 10/8/07, Jim Hunter <[EMAIL PROTECTED]> wrote:
> >> I have one question... why does qooxdoo execute a text file when
> >> it is
> >> returned via qx.io.remote.Request? The file has a TXT extension
> >> and the
> >> header says that it is of type 'text/plain', so why does qooxdoo
> >> execute/eval the content of the file?
>
> Quite simple: The script transport works via dynamically creating
> script tags. So it's only natural that the browser tries to "execute"
> the contents.
>
> >> I should be able to simply download a
> >> file for later parsing and using without qooxdoo acting upon the
> >> file. Is
> >> there a setting to turn this action off that I am overlooking?
>
> No, you're not overlooking anything. The Script transport simply
> _cannot_ just access an arbitrary resource. This is actually a good
> thing, because otherwise we'd have a security problem (the "same-
> domain" policy of the browser would be violated).
>
> In order to use the Script transport, you have to prepare the server
> for it (you can look at the RPC backend implementations for
> examples). In short, the server has to wrap the actual response
> content inside a piece of JavaScript.
>
> > What MIME type did you specify in the request? text/plain? If so, I
> > see no reason that it should be eval'ed other than a buggy code path.
> > If you specified javascript or json, that would explain why it's being
> > eval'ed. In that case, you lied about the returned content type and
> > the code is treating it as what you specified.
>
> The MIME type doesn't matter here - the Script transport just works
> differently than the other transports (and it has to because of
> security limitations).
>
> @Derrell: I would be very interested in the other transport method
> you mentioned in this thread (something about fragment identifiers).
> While Script transport is quite usable, another alternative would be
> nice. However, if it allows you to access arbitrary content from
> other servers (without having to prepare these servers in any way),
> it would actually be a security problem that should be fixed in the
> browser (at least if cookies are sent to the server).
>
> Regards,
>
> Andreas
>
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc.
> Still grepping through log files to find problems? Stop.
> Now Search log events and configuration files using AJAX and a browser.
> Download your FREE copy of Splunk now >> http://get.splunk.com/
> _______________________________________________
> qooxdoo-devel mailing list
> qooxdoo-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/qooxdoo-devel
>
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
qooxdoo-devel mailing list
qooxdoo-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/qooxdoo-devel
