XSS : Access an RSS feed
-
Friday, October 31, 2008 10:49 PMHi Folks,
Do you have any examples of grabbing an RSS feed?
I have tried including the old feed2js tag eg:
<script src="http://landmark-project.com/feed2js/feed2js.php?src=http%3A%2F%2Fservices.social.microsoft.com%2Ffeeds%2F%2Ffeed%2Fquery%2Ftype%2Fforum%2Feq%2Fdatatype%2Fthread%2Feq%2Fand%2Fforumid%2F46aa2ba8-17ac-4164-a0c1-3dadfb7849a1%2Feq%2Fand" type="text/javascript" language="Javascript">
But it gives an error
This capability was disabled due to an error. Details...
Parsing Error: Invalid XHTML
Are all external calls blocked?
Thanks,
slyi
All Replies
-
Monday, November 03, 2008 6:37 PM Hey slyi,
External calls are not blocked and we actually fetch the File when accessed via the server. (I haven't tested silverlight since the host of the file decides if silverlight can access it) The reason that the sandboxing threw an error was because the document writes were split across HTML nodes. The example below should help illustrate.
Fails:
document.write('<div>');document.write('</div>');
Passes:
document.write('<div></div>');
Possibly in the future we may support the Failing case above by condensing the document write calls into one combined call.- Marked As Answer by Scott IsaacsMicrosoft Employee, Owner Friday, November 07, 2008 5:10 AM
-
Monday, November 03, 2008 7:08 PMOwner Document.write support will be improved. It is a known issue that it fails in many common scenarios.
-Scott- Marked As Answer by Scott IsaacsMicrosoft Employee, Owner Friday, November 07, 2008 5:10 AM
