Ask Question Forum:
Model Library:2025-02-08:A.I. model is online auto reply
C
O
M
P
U
T
E
R
2
8
Show
#
ASK
RECENT
←
- Underline
- Bold
- Italic
- Indent
- Step
- Bullet
- Quote
- Cut
- Copy
- Paste
- Table
- Spelling
- Find & Replace
- Undo
- Redo
- Link
- Attach
- Clear
- Code
Below area will not be traslated by Google,you can input code or other languages
Hint:If find spelling error, You need to correct it,1 by 1 or ignore it (code area won't be checked).
X-position of the mouse cursor
Y-position of the mouse cursor
Y-position of the mouse cursor
Testcursor
caretPos
Attachment:===
Asked by stuengelman
at 2024-08-03 23:54:57
Point:500 Replies:33 POST_ID:828696USER_ID:11589
Topic:
Microsoft Development;Internet Protocols;Web Browsers
Hello,
I am trying to do a Javascript AJAX call to an ASP Classic script hosted at another domain at a different host. My Javascript and ASP Classic script appear below. The basic idea is that the ASP Classic script reads a MySQL DB table and is intended to pass back information to display within a SPAN element in the calling web page, using querystring input from the Javascript to determine which DB table record to work with.
I've tested the ASP Classic script by invoking it directly from its host in my browser, and it works perfectly. I've also set up headers in the ASP Classic script to permit cross-domain AJAX when the calling Javascript is hosted at the operant domain.
The code fails to return any result in MSIE, Firefox, and Chrome. In MSIE, I get a runtime Javascript error saying "permission denied."
Here is the Javascript code:
-------------------------------------------
function zip_onfocusout(inzip) {
var xmlhttp;
if (window.ActiveXObject) {//MSIE
xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
} else {//Other Browsers
xmlhttp = new XMLHttpRequest();
}
xmlhttp.onreadystatechange=function() {
if (xmlhttp.readyState==4 && xmlhttp.status==200) {
document.getElementById("statedisplay").innerText=xmlhttp.responseText;
}
}
xmlhttp.open("GET","http://www.leadtothetop.com/getstate.asp?zip="+inzip,true);
xmlhttp.send();
}
Here is the ASP Classic Script:
-----------------------------------------------
<%@ Language=VBScript %>
<!--#include file="system/adovbs.inc"-->
<%Response.AddHeader "Access-Control-Allow-Methods","GET, OPTIONS"
Response.AddHeader "Access-Control-Allow-Credentials","true"
Response.AddHeader "Access-Control-Allow-Origin","http://www.legalhelprightnow.org, http://legalhelprightnow.org"
Response.AddHeader "Access-Control-Allow-Headers","*"
if isnumeric(Request.QueryString("zip")) and Request.QueryString("zip")<>"" then
set CN=server.CreateObject("ADODB.Connection")
CN.Open "dsn=" & application("dbodbcdsn"),application("dbusername"),application("dbpassword")
set RS=server.CreateObject("ADODB.Recordset")
SQL="select State from zipcodes where ZipCode=" & Request.QueryString("zip") & ";"
RS.Open SQL,CN,adOpenStatic,adLockReadOnly
if not RS.EOF then
Response.Write("(" & RS("State") & ")")
else
Response.Write("(State Not Found)")
end if
RS.Close
set RS=nothing
CN.Close
set CN=nothing
elseif Request.QueryString("zip")<>"" then
Response.Write("(Zip Not Valid)")
else
Response.Write("")
end if%>
The basic idea is that someone enters a zip code into a textbox on the calling page, and after moving mouse focus to the next control, the AJAX call is intended to fill a SPAN element with the associated two byte state abbreviation within parentheses.
Are my ASP classic headers wrong, or is something else causing the problem?
My PC is running Windows XP, and the ASP Classic host is running Windows 2008.
Thanks very much,
Stu Engelman
I am trying to do a Javascript AJAX call to an ASP Classic script hosted at another domain at a different host. My Javascript and ASP Classic script appear below. The basic idea is that the ASP Classic script reads a MySQL DB table and is intended to pass back information to display within a SPAN element in the calling web page, using querystring input from the Javascript to determine which DB table record to work with.
I've tested the ASP Classic script by invoking it directly from its host in my browser, and it works perfectly. I've also set up headers in the ASP Classic script to permit cross-domain AJAX when the calling Javascript is hosted at the operant domain.
The code fails to return any result in MSIE, Firefox, and Chrome. In MSIE, I get a runtime Javascript error saying "permission denied."
Here is the Javascript code:
-------------------------------------------
function zip_onfocusout(inzip) {
var xmlhttp;
if (window.ActiveXObject) {//MSIE
xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
} else {//Other Browsers
xmlhttp = new XMLHttpRequest();
}
xmlhttp.onreadystatechange=function() {
if (xmlhttp.readyState==4 && xmlhttp.status==200) {
document.getElementById("statedisplay").innerText=xmlhttp.responseText;
}
}
xmlhttp.open("GET","http://www.leadtothetop.com/getstate.asp?zip="+inzip,true);
xmlhttp.send();
}
Here is the ASP Classic Script:
-----------------------------------------------
<%@ Language=VBScript %>
<!--#include file="system/adovbs.inc"-->
<%Response.AddHeader "Access-Control-Allow-Methods","GET, OPTIONS"
Response.AddHeader "Access-Control-Allow-Credentials","true"
Response.AddHeader "Access-Control-Allow-Origin","http://www.legalhelprightnow.org, http://legalhelprightnow.org"
Response.AddHeader "Access-Control-Allow-Headers","*"
if isnumeric(Request.QueryString("zip")) and Request.QueryString("zip")<>"" then
set CN=server.CreateObject("ADODB.Connection")
CN.Open "dsn=" & application("dbodbcdsn"),application("dbusername"),application("dbpassword")
set RS=server.CreateObject("ADODB.Recordset")
SQL="select State from zipcodes where ZipCode=" & Request.QueryString("zip") & ";"
RS.Open SQL,CN,adOpenStatic,adLockReadOnly
if not RS.EOF then
Response.Write("(" & RS("State") & ")")
else
Response.Write("(State Not Found)")
end if
RS.Close
set RS=nothing
CN.Close
set CN=nothing
elseif Request.QueryString("zip")<>"" then
Response.Write("(Zip Not Valid)")
else
Response.Write("")
end if%>
The basic idea is that someone enters a zip code into a textbox on the calling page, and after moving mouse focus to the next control, the AJAX call is intended to fill a SPAN element with the associated two byte state abbreviation within parentheses.
Are my ASP classic headers wrong, or is something else causing the problem?
My PC is running Windows XP, and the ASP Classic host is running Windows 2008.
Thanks very much,
Stu Engelman
Author: stuengelman replied at 2024-08-06 11:21:41
Hi Tagit,
Got it. You can remove the email now.
Will get back to you in a few days (very busy with work right now).
Stu
Got it. You can remove the email now.
Will get back to you in a few days (very busy with work right now).
Stu
Expert: Rob Jurd replied at 2024-08-06 00:54:22
Done :-)
Author: stuengelman replied at 2024-08-06 00:08:55
Tagit,
Please see Netminder's comment above. Can you post your email address in your profile, and then make a post here to have me look. You can remove your email after I reply back that I've got it.
Stu
Please see Netminder's comment above. Can you post your email address in your profile, and then make a post here to have me look. You can remove your email after I reply back that I've got it.
Stu
Expert: Netminder replied at 2024-08-05 23:23:17
We'd prefer he didn't; better that he post it in his profile (and it's likely to cause him less spam).
Author: stuengelman replied at 2024-08-05 22:40:44
Netminder,
An article really isn't appropriate here, as I am proposing explaining an exploit to overcome a cross-domain security feature in MS software. There is no issue as long as the same person owns both sites, but this can be used as a hacking tool if someone owns one site and not the other (data theft, web form code injection to corrupt DB's, etc.).
Is it permissible for tagit to provide his email in a post here, and then we can communicate privately?
Thanks, Stu
An article really isn't appropriate here, as I am proposing explaining an exploit to overcome a cross-domain security feature in MS software. There is no issue as long as the same person owns both sites, but this can be used as a hacking tool if someone owns one site and not the other (data theft, web form code injection to corrupt DB's, etc.).
Is it permissible for tagit to provide his email in a post here, and then we can communicate privately?
Thanks, Stu
Expert: Netminder replied at 2024-08-05 19:02:02
Stu,
Just a suggestion: write an article about the problem and the solution...
Netminder
Senior Admin
Just a suggestion: write an article about the problem and the solution...
Netminder
Senior Admin
Author: stuengelman replied at 2024-08-05 15:07:32
Hi Tagit,
I'll supply you with some sample code to illustrate the concept.
Stu
I'll supply you with some sample code to illustrate the concept.
Stu
Expert: Rob Jurd replied at 2024-08-05 05:37:59
I really appreciate your explanation on that Stu and would like to fully understand how you have achieved this. I have always got permission denied and hadn't taken it any further or just found another way to get what I needed.
I'd like to do a bit of testing myself but if I don't get anywhere I'll open a question and post the link here, as I'd like your input.
I'd like to do a bit of testing myself but if I don't get anywhere I'll open a question and post the link here, as I'd like your input.
Author: stuengelman replied at 2024-08-05 00:44:49
Hi Tagit,
Actually, you can use an IFRAME to pull in any web (browser) page from any site. And then if you want to execute a server side script on the site, you can attach a JS AJAX call to the script within the IFRAME. You simply use the document.all.iframes.xxx object, where xxx is the ID of the IFRAME. Then, attach methods and events to the document.all.iframes.xxx object to make the JS call and receive the AJAX output. Next, place JS outside the IFRAME to call the methods, and finally place code within the IFRAME to pass the AJAX output back to the code outside the IFRAME. Basically, the AJAX objects responseText object will contain all Response.Write output from the server script. No credentialing will be required in the AJAX call, and no calling URL permission headers will be required in the server script, because the IFRAME treats the remote site as local.
Using this exploit is fine (though cumbersome) if you own the site you are spidering, but is unethical and typically violates terms of use if you don't. Also, state and federal intellectual property theft laws may violated if you don't own the spidered site, particularly when the site's content is copyrighted. I've used this technique to connect information between multiple sites owned by the same client, though I would never do it without the remote site owner's written permission if my client didn't own the remote site.
Stu
Actually, you can use an IFRAME to pull in any web (browser) page from any site. And then if you want to execute a server side script on the site, you can attach a JS AJAX call to the script within the IFRAME. You simply use the document.all.iframes.xxx object, where xxx is the ID of the IFRAME. Then, attach methods and events to the document.all.iframes.xxx object to make the JS call and receive the AJAX output. Next, place JS outside the IFRAME to call the methods, and finally place code within the IFRAME to pass the AJAX output back to the code outside the IFRAME. Basically, the AJAX objects responseText object will contain all Response.Write output from the server script. No credentialing will be required in the AJAX call, and no calling URL permission headers will be required in the server script, because the IFRAME treats the remote site as local.
Using this exploit is fine (though cumbersome) if you own the site you are spidering, but is unethical and typically violates terms of use if you don't. Also, state and federal intellectual property theft laws may violated if you don't own the spidered site, particularly when the site's content is copyrighted. I've used this technique to connect information between multiple sites owned by the same client, though I would never do it without the remote site owner's written permission if my client didn't own the remote site.
Stu
Expert: Rob Jurd replied at 2024-08-04 23:58:34
No objections, though for the record, the iframe solution ONLY works when you have access to the other site. I'm aware you do in this case but it is still bad programming practice to do so. It can break other apps that use the web service.
Author: stuengelman replied at 2024-08-04 23:27:03
OK, thanks Dave, Stu
Expert: Dave Baldwin replied at 2024-08-04 22:36:40
No, don't worry about it, I have no objections. @tagit gave you the details you needed.
Author: stuengelman replied at 2024-08-04 22:30:05
Dave - You provided a correct overview of the issue, but not any specific solution (other than a reference to the code Tagit provided).
Duncan - I agree you ultimately provided most (but not all) of the solution, but the details came after the points were awarded. Your earlier posts about IFRAMES would have solved the issue; I've used this technique before, but I wanted something more straightforward to avoid the extra coding required to spider the IFRAME portion of the DOM (I would have had to programmatically attach JS to an invisible IFRAME, invoke it from the main JS, and then pipe the AJAX output from the IFRAME back to the SPAN element; it all would have worked, but it would have involved about twice the amount of JS as I was using).
If there are still any disagreements from anyone, please advise. Otherwise, Tagit will retain the points for this question.
Stu
Duncan - I agree you ultimately provided most (but not all) of the solution, but the details came after the points were awarded. Your earlier posts about IFRAMES would have solved the issue; I've used this technique before, but I wanted something more straightforward to avoid the extra coding required to spider the IFRAME portion of the DOM (I would have had to programmatically attach JS to an invisible IFRAME, invoke it from the main JS, and then pipe the AJAX output from the IFRAME back to the SPAN element; it all would have worked, but it would have involved about twice the amount of JS as I was using).
If there are still any disagreements from anyone, please advise. Otherwise, Tagit will retain the points for this question.
Stu
Expert: Netminder replied at 2024-08-04 17:07:54
Off-topic comments deleted.
The request attention button exists to avoid off-topic arguments that do not contribute to the solution of a problem.
Netminder
Senior Admin
The request attention button exists to avoid off-topic arguments that do not contribute to the solution of a problem.
Netminder
Senior Admin
Expert: duncanb7 replied at 2024-08-04 16:57:44
Anyway, I have no comment here
thanks for all of you
Duncan
thanks for all of you
Duncan
Expert: Rob Jurd replied at 2024-08-04 16:27:44
Thanks for the points Stu
Expert: Rob Jurd replied at 2024-08-04 16:19:28
Easy to say when you've had the experience of a problem like this one because you know what to look for. When you haven't, you're looking for guidance.
Expert: Rob Jurd replied at 2024-08-04 16:14:14
Duncan that's not what EE is about. We as experts are here to guide and help the authors through to a solution. Posting a link just doesn't cut it in my opinion, not without an explanation at least.
I certainly felt Stu understands the code and solution.
I certainly felt Stu understands the code and solution.
Expert: Rob Jurd replied at 2024-08-04 16:12:27
Hi stu,
You have accepted the solution based on what is a solution and not just links to another page where you have to workout what is being suggested.
In your position I may have allocated Dave points as he was on the right track and as he said was on his way to posting code.
You have accepted the solution based on what is a solution and not just links to another page where you have to workout what is being suggested.
In your position I may have allocated Dave points as he was on the right track and as he said was on his way to posting code.
Expert: Rob Jurd replied at 2024-08-04 16:04:02
Duncan, what do you mean? You need to explain further what you're stating. We all agree except for you that the solution here is the solution. It works as the author wants so what's the issue?
Author: stuengelman replied at 2024-08-04 15:52:08
Hello All,
I meant no offense to anyone in picking Tagit's solution. This was the only solution that provided both the fixes to the calling JS code and the server code, without having to create hidden IFRAME's to defeat browser restrictions on cross-domain AJAX. I admit the IFRAME strategy would work, but it would have required extra JS to internally "spider" the DB host (not that complex, but more time consuming). Tagit's solution was the most straightforward and it worked perfectly without any modification.
I'm very sorry if anyone feels cheated. Please feel free to respond again if you feel I have not been fair.
Best, Stu
I meant no offense to anyone in picking Tagit's solution. This was the only solution that provided both the fixes to the calling JS code and the server code, without having to create hidden IFRAME's to defeat browser restrictions on cross-domain AJAX. I admit the IFRAME strategy would work, but it would have required extra JS to internally "spider" the DB host (not that complex, but more time consuming). Tagit's solution was the most straightforward and it worked perfectly without any modification.
I'm very sorry if anyone feels cheated. Please feel free to respond again if you feel I have not been fair.
Best, Stu
Expert: Rob Jurd replied at 2024-08-04 15:17:57
Sorry duncanb7, if anyone deserves points here it would be Dave's suggestion. There's nothing here you've posted that it's relevant to a solution.
I'm all for not stealing other ideas but clearly this is more than just about a concept. It's more than copying code too, it's how that code goes together which I didn't see here and felt it was necessary to the solution
I'm all for not stealing other ideas but clearly this is more than just about a concept. It's more than copying code too, it's how that code goes together which I didn't see here and felt it was necessary to the solution
Expert: duncanb7 replied at 2024-08-04 14:40:05
it is the requestState.asp page we called helper page.
Please review the score again, otherwise, who came later who get first and
copy others' idea to get the answer
if you need to report us the result later so meaning that is not perfect solution,
just a solution for the basis concept for cross-domain ajax, what is special if
know it the concept of cross-domain ajax
if someone can not write the code because he doesn't know the concept or
even get the code but still not understand the concept, if underdtand the concept
why he can not write the code, so the answer is the solution came from the concept
first
I also get the code without 'set xmlhttp = nothing
that simple code you can find it on any website
and please try it and I never test it
Since I came later, could I get some score that you can find it w3cschools
or everywhere ? if just need the code, why not just go
google copy some before this thread ?
Please review the score again, otherwise, who came later who get first and
copy others' idea to get the answer
if you need to report us the result later so meaning that is not perfect solution,
just a solution for the basis concept for cross-domain ajax, what is special if
know it the concept of cross-domain ajax
if someone can not write the code because he doesn't know the concept or
even get the code but still not understand the concept, if underdtand the concept
why he can not write the code, so the answer is the solution came from the concept
first
I also get the code without 'set xmlhttp = nothing
that simple code you can find it on any website
and please try it and I never test it
Since I came later, could I get some score that you can find it w3cschools
or everywhere ? if just need the code, why not just go
google copy some before this thread ?
<%'get the zipcode parameter from URLzipcode=ucase(request.querystring("zip"))url = "http://www.leadtothetop.com/getstate.asp?zip=" & zipcodeset xmlhttp = CreateDDDDDDDDDDDDDDDDObject("MSXML2.ServerXMLHTTP")xmlhttp.open "GET", url, falsexmlhttp.send ""Response.write xmlhttpDDDDDDDDDDDD.responseText'set xmlhttp = nothing%> 1:2:3:4:5:6:7:8:9:10:
later coming to see this thread users, please study concept first of ajax before get the so- called solution code becoz the code might be not correct
ANd I think the code is not solution since it is not tested and failed
Author: stuengelman replied at 2024-08-04 11:36:32
Excellent solution. Very easy to follow, and worked perfectly.
Author: stuengelman replied at 2024-08-04 11:35:38
Tagit,
Your solution worked perfectly. Thanks so much for your help.
Stu
Your solution worked perfectly. Thanks so much for your help.
Stu
Author: stuengelman replied at 2024-08-04 11:09:40
Hello Everyone,
Thanks so much for all the comments. I will test out your advice and report back.
Stu Engelman
Thanks so much for all the comments. I will test out your advice and report back.
Stu Engelman
Expert: Dave Baldwin replied at 2024-08-04 10:28:05
@tagit's code is an example of what I was talking about.
Expert: Rob Jurd replied at 2024-08-04 05:10:20
See here for an example using an embedded iframe, though you can't get the value, you can see it but i don't think it's what you want: http://jsfiddle.net/rjurd/FcNmC/
Accepted Solution
Expert: Rob Jurd replied at 2024-08-04 05:09:15
500 points EXCELLENT
I fail to see how the links posted above will help in this case... what am I missing? They're talking about resizing iframes... not really relevant here. However the helper page is relevant.
What is meant by a helper page is a "middleman" between your client page and the zip code page. It is a simple asp page that receives your ajax request and then requests the information from that zip code url as if you were using a browser accessing it directly. As you did with your browser and saw that it gave you what you were after. This helper page then passes the result back to your ajax. The ASP page running on the server has the authority to access other domains. The client doesn't so that is why this extra page is necessary.
so something like this (untested):
requestState.asp
What is meant by a helper page is a "middleman" between your client page and the zip code page. It is a simple asp page that receives your ajax request and then requests the information from that zip code url as if you were using a browser accessing it directly. As you did with your browser and saw that it gave you what you were after. This helper page then passes the result back to your ajax. The ASP page running on the server has the authority to access other domains. The client doesn't so that is why this extra page is necessary.
so something like this (untested):
requestState.asp
<%'get the zipcode parameter from URLzipcode=ucase(request.querystring("zip"))url = "http://www.leadtothetop.com/getstate.asp?zip=" & zipcodeset xmlhttp = CreateObject("MSXML2.ServerXMLHTTP")xmlhttp.open "GET", url, falsexmlhttp.send ""Response.write xmlhttp.responseTextset xmlhttp = nothing%> 1:2:3:4:5:6:7:8:9:10:
then in your javascript:
Expert: duncanb7 replied at 2024-08-04 01:16:56
That is why I said helper page , please study the link first, and you will understand
how it work for cross-domain and then apply back the idea into your real cases
how it work for cross-domain and then apply back the idea into your real cases
Expert: Dave Baldwin replied at 2024-08-04 01:12:54
Cross-site scripting is blocked as a security restriction in all modern browsers because it has been used in the past for bad purposes. What you can do instead is use AJAX to contact a page on your server that fetches the info from the other server and returns it to your page. It's a two-step process but the browsers will not allow you to directly access the other domain directly in javascript.
Expert: duncanb7 replied at 2024-08-04 00:56:33
I think you need additional helper page to do cross-domain Ajax, just study this first, simple
example from this link
http://paulasmuth.com/blog/dynamic_height_crossdomain_iframe/
http://johan.driessen.se/posts/resizing-cross-domain-iframes
example from this link
http://paulasmuth.com/blog/dynamic_height_crossdomain_iframe/
http://johan.driessen.se/posts/resizing-cross-domain-iframes
Expert: duncanb7 replied at 2024-08-04 00:56:00
I think you need additional helper page to do cross-domain Ajax, just study this first
http://paulasmuth.com/blog/dynamic_height_crossdomain_iframe/
http://johan.driessen.se/posts/resizing-cross-domain-iframes
http://paulasmuth.com/blog/dynamic_height_crossdomain_iframe/
http://johan.driessen.se/posts/resizing-cross-domain-iframes