Issue with dhtmlAjax in chrome (XSS issue?)

Hi all,

I’m trying to use the dhtmlAjax stuff and it works fine in IE but when I use it in chrome it returns no response.

I’m not sure if this is because chrome is defending against cross side scripting (even though the origin url is the same as the destination url because all the files sit on the same local server).

any ideas?

further investigation seems to point to an issue within the dhtmlAjax product.

If I do this:

var response = dhtmlxAjax.get(“elements/data.php?id=”+id);
xmlhttp = response.xmlDoc;
document.getElementById(“mydiv”).innerHTML = xmlhttp.responseText;

then in chrome I get nothing back (works fine in IE9)

but if I do this

xmlhttp=new XMLHttpRequest();
xmlhttp.open(“GET”,“elements/data.php?id=”+id,false);
xmlhttp.send();
document.getElementById(“mydiv”).innerHTML = xmlhttp.responseText;

Then it works fine in chrome and ie9

This is all being run from a local domain (not localhost but from an IP on my local network)

Hi,

dhtmlxAjax.get is an async call. And you are trying to use it the same way as dhtmlxAjax.getSync

In case of async, you need to use the snippet like so:

dhtmlxAjax.get(“elements/data.php?id=”+id,function(response){
xmlhttp = response.xmlDoc;
document.getElementById(“mydiv”).innerHTML = xmlhttp.responseText;
});

See the sample:
dhtmlxAjax/samples/01_samples_of_usage/01_send_request.html
the same in our online docs - dhtmlx.com/docs/products/dht … quest.html

yeah sorry i found out i was doing something wrong

i should have posted to say i had sorted it so to not waste your time!

thanks for the help anyway :slight_smile: