Dynamic Script tags

It must be the future!  People have used a certain term, AJAX recently to make stealthful requests only the same domain.  This doesn’t work in my case because forums.fearlessfew.com and fearlessfew.com can not access each other via AJAX.  One option down, and a Google search to go.  I was looking at something called a dynamic script tag that used something called JSON which was all really complicated and I still don’t understand most of it.

I’ll try to explain the best way to bypass security policies of AJAX.  Lets say you want to pass on a variable to a PHP script.  You could use GET parameters from the URL that looks something like this

The final goal is to pass kanno41 or some variable to a PHP script unobtrusively.  What a dynamic script tag does is that it creates a script tag which can access a source file from ANY domain.  Here is an example of what the script will put on the page:

When this script is loaded, the “woot” variable with the value kanno41 will be passed onto the index.php file. Now, what if you don’t know what variable you want to send yet on page load, or you want someone clicking on something to send that data? This is where the dynamic script tag comes in. It is merely simple javascript.

When we run this function and pass a URL to it, it will build the script tag which we mentioned earlier. To run a function, let’s do something like this, for something simple:

This will cause a script from any another server or domain to be loaded right when you would click on that button. In my case, since I am making the script’s source be a PHP script, I pass on the “woot” variable with the value kanno41. When this is loaded, the PHP file will be able to get anything passed to it through the GET parameters.What if you want to pass on something which could change all of the time? Just make a little script like this one for example:

To me, this is a revelation. I can now send any variables to a PHP script through this method.

For me, I would have the PHP script return some javascript back, maybe something like

I hope you’ve enjoyed reading this and maybe you learned something, or maybe you didn’t. Feel free to ask questions about this. Some stuff may not wrap correctly, but there’s nothing I can do about that.