1

Sometime ago I was guessing if there was a trick to directly load XML using some new HTML5 technologies, then I found "data islands", then I found "HTML5 data blocks".

Reading the following address: https://developer.mozilla.org/en-US/docs/Using_XML_Data_Islands_in_Mozilla . I discovered this:

JavaScript can use the content of a <script> element as a data block if the src attribute is omitted...

Why its not allowed to get "data" that way? What's the problem? Its not clear that with src it's much more useful?

I've some XML that I would like to parse, but I would like to put it separatelly (from the HTML).

Its a security issue? Lack of implementation? What else?

Thank you for your assistance.

Update

I knew that I could:

<object id="xml" data="the.xml" type="text/xml" charset="UTF-8" style="display:none"></object>

But the question remains:

They didn't allowed the src attribute because of a security issue? I'm just curious.

Improve this question

1 Answer 1

Reset to default
1

src loads content from an external resource, which might be on a different domain, which you don't have permission to read (since it might contain data only available to authorised users and being able to hijack your visitors credentials would be dangerous).

Use XMLHttpRequest if you want to get data from an external resource. It addresses those issues (via CORS).

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Thanks for your comment. XMLHttpRequest is a good choice if you have control over the server, otherwise everyone else is very limited (even if I trust completely on the site). As today Websites might publish each one a set of XML to be used by each other (without previously planning it), it might be an issue.
Just completing the paragraph above, think about a user submitting HTML content with the intention of gathering content from lots of websites (XML from lots of other websites). Its hard to solve this with these limitations.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.