| Author |
'include' question
|
|
| Marnok.com 2006-12-15, 6:58 pm |
| Hi
I am trying to include a file from another site in my page. The other page
is messing up the rest of my page - it seems to have an extra </table>, or
else the </body></html> on the foreign site is confusing my page layout.
I wondered if there was a "safe" way to include a foreign page so that it
sits within the boundaries I lay out and is treated only as a self-contained
entity?
hope I explained that right...
--
****************************************
*
http://www.cafepress.com/marnok
****************************************
*
| |
|
| Marnok.com schrieb:
> Hi
>
> I am trying to include a file from another site in my page. The other page
what do you mean by another site?
A site from a different domain or a different server, give more details.
> is messing up the rest of my page - it seems to have an extra </table>, or
> else the </body></html> on the foreign site is confusing my page layout.
>
> I wondered if there was a "safe" way to include a foreign page so that it
> sits within the boundaries I lay out and is treated only as a self-contained
> entity?
>
> hope I explained that right...
>
>
>
>
>
>
| |
| Marnok.com 2006-12-15, 6:58 pm |
|
"Ric" <antispam@randometry.com> wrote in message
news:eluuuv$qj6$1@online.de...
> Marnok.com schrieb:
> what do you mean by another site?
>
>
> A site from a different domain or a different server, give more details.
>
A different domain, on a different server.
--
****************************************
*
http://www.cafepress.com/marnok
****************************************
*
| |
|
| Marnok.com schrieb:
> "Ric" <antispam@randometry.com> wrote in message
> news:eluuuv$qj6$1@online.de...
>
>
> A different domain, on a different server.
>
>
In that case this is not to easy, a possible solution would be to
download the page with php write it to a file and include it in an iframe:
<iframe scrolling="no" frameborder="0" src="localfile.html" "
width="100%" height="100%">
iframes cannot include sites from another domain(would be a security
risk), that's why you need to download.
Or you could just grab the remote site parse it and then include the
html which works inside your page.
If you explain exactly what you want to do we might have another idea.
| |
|
| Hopefully it has nothing to do with the virus/exploit and Java thingie he has embedded in
his site.
-Lost
| |
| Colin McKinnon 2006-12-16, 6:58 pm |
| Marnok.com wrote:
> Hi
>
> I am trying to include a file from another site in my page. The other page
> is messing up the rest of my page - it seems to have an extra </table>, or
> else the </body></html> on the foreign site is confusing my page layout.
>
> I wondered if there was a "safe" way to include a foreign page so that it
> sits within the boundaries I lay out and is treated only as a
> self-contained entity?
No.
Don't use 'include' or 'require', and expect your site to be XSS vulnerable
as a result.
Parse it as XML and don't show it if its badly formed.
C.
| |
| OmegaJunior 2006-12-16, 6:58 pm |
| On Sat, 16 Dec 2006 16:38:28 +0100, Colin McKinnon
<colin.thisisnotmysurname@ntlworld.deletemeunlessURaBot.com> wrote:
> Marnok.com wrote:
>
>
> No.
>
> Don't use 'include' or 'require', and expect your site to be XSS
> vulnerable
> as a result.
>
> Parse it as XML and don't show it if its badly formed.
>
> C.
How about an iFrame?
--
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
| |
|
| OmegaJunior schrieb:
> On Sat, 16 Dec 2006 16:38:28 +0100, Colin McKinnon
> <colin.thisisnotmysurname@ntlworld.deletemeunlessURaBot.com> wrote:
>
>
> How about an iFrame?
an iframe cannot include pages from other domains and if someone is
talking about xss it is clear that this is about including pages from
other domains
>
> --Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
| |
| Marnok.com 2006-12-20, 6:58 pm |
|
"-Lost" <spam_ninjaREMOVEME@REMOVEMEcomcast.net> wrote in message
news:rOadneb8_pWn8x7YnZ2dnUVZ_sqdnZ2d@co
mcast.com...
> Hopefully it has nothing to do with the virus/exploit and Java thingie he
> has embedded in his site.
>
> -Lost
>
Wow, took me a while to figure out what you were referring to. I visited
marnok.com and got wierd browser messages... I re-uploaded the index page
and the messages have gone. looks like I was victim of some minor hacking??
Or perhaps one of the ads was to blame.
I have no idea what that was about, I'll investigate. Thatnks for bringing
it to my attention.
--
****************************************
*
http://www.cafepress.com/marnok
****************************************
*
|
|
|
|