0
So, I'm not sure if the reason I'm having trouble with this is because it looks awfully like malicious activity or not. What I'm attempting to do is make my life a little less terrible with a piece of very inflexible and outdated web-based software.
Basically, there's a block of HTML that I can edit from within the software (it's inserted into a td
element), and I want to have the content of that block come from a plaintext file on my local drive, being synced to the cloud with Dropbox.
It is possible to do something like this:
<td>
<script>
insert_text_from_url("https://dl.dropboxusercontent.com/s/blahblahblah/file.txt?token_hash=blahblahblah&dl=1");
</script>
</td>
With the output being <td>[contentsof_file.txt]</td>
?
Would
<iframe>
work? You can do what you want with javascript, but it's not a simple, single function. – Darth Android – 2013-08-26T16:06:08.887I was hoping not to use an
iframe
since it's much less elegant, but I'm somehow not able to get that to work either. – NReilingh – 2013-08-26T16:09:23.120XSS is prevented by most browser JavaScript implementations. – Synetech – 2013-12-31T05:53:39.390
@Synetech Yes, this was my issue in testing, since the browser realized it was loading the same code being submitted in the previous page load. But, all the browsers I've tested have been okay loading a .js file from a remote server as long as everything is under SSL. – NReilingh – 2013-12-31T05:55:51.130