No, you can load *scripts* cross-site with no problem.
 
It's true, a server-side proxy is the only way to do a cross-site Ajax
download. But if the information is available in any kind of executable
JavaScript format, you can use a script tag or a dynamic script element to
download it.
 
That's what the JSONP (JSON with callback) format is all about - wrap a JSON
object inside a callback function whose name is given in the request URL.
Here's an example:
 
http://www.flickr.com/services/feeds/photos_public.gne?format=json&jsoncallback=fotofeed
 
That URL returns:
 
fotofeed({
  "title": "Everyone's photos",
  "link": "http://www.flickr.com/photos/",
  // more stuff here, including an array of photo links and info
})

If you create either a script tag or a dynamic script element with that URL
in the src, it will call your "fotofeed" function (or any function you name
in the jsoncallback= URL parameter) and pass it the JSON data.
 
It doesn't have to be JSON data, of course - the script tag can execute any
JavaScript code (which can be good or bad - obviously you need to trust the
data provider). JSONP is just a common convention for downloading JSON data
cross-domain.
 
If you want to make sure that no rogue JavaScript code is executed, or if
the data isn't available in JSONP or a similar executable script format,
then you do need to use Ajax and a server-side proxy.
 
-Mike
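
Added example, not part of the original message: when a server-side proxy fetches the JSONP response instead of a script tag, the callback wrapper can be stripped and the payload parsed with `JSON.parse`, so nothing in the response is ever executed. The function name `unwrapJsonp` and both sample response bodies are constructed for illustration.

```javascript
// Treat a JSONP response as data, never as script (Node.js, no dependencies).
// unwrapJsonp is a hypothetical helper; GOOD and ROGUE are constructed samples.

function unwrapJsonp(body, expectedCallback) {
  // The callback name must be a plain identifier, nothing else.
  if (!/^[A-Za-z_$][A-Za-z0-9_$]*$/.test(expectedCallback)) {
    throw new Error("invalid callback name");
  }
  const text = body.trim();
  const prefix = expectedCallback + "(";
  if (!text.startsWith(prefix)) {
    throw new Error("response is not wrapped in the expected callback");
  }
  // Accept "callback(...)" with an optional trailing semicolon.
  const end = text.endsWith(");") ? text.length - 2
            : text.endsWith(")") ? text.length - 1
            : -1;
  if (end < prefix.length) {
    throw new Error("missing closing parenthesis");
  }
  // JSON.parse only accepts pure JSON: extra statements, function calls,
  // or comments between the parentheses make it throw a SyntaxError.
  return JSON.parse(text.slice(prefix.length, end));
}

// Constructed sample: a well-formed JSONP body using the "fotofeed" callback.
const GOOD = 'fotofeed({"title": "Everyone\'s photos", ' +
             '"link": "http://www.flickr.com/photos/", "items": []})';

// Constructed sample: the same body with an extra statement appended,
// which a script tag would run but the parser below rejects.
const ROGUE = 'fotofeed({"title": "x"}); doSomethingElse()';

function check(body) {
  try {
    return { ok: true, data: unwrapJsonp(body, "fotofeed") };
  } catch (err) {
    return { ok: false, reason: err.message };
  }
}

console.log(check(GOOD));
console.log(check(ROGUE));
```

The proxy would then re-serialize the parsed object with `JSON.stringify` and serve it same-origin to the page's Ajax call.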



  _____  

From: Matt Stith

The only way around is to use a server-side script as a proxy, as loading
scripts cross-site is a security risk, which is why browsers block that out.


From: Anthony Leboeuf(Worcester Wide Web) 


I am working on a website for the BBB and need to load a document cross
site, I am getting a permission denied message when doing so. Is there a
way around that?
