Is there any way to bypass NS_ERROR_DOM_BAD_URI when cross site access is disabled?

0 votes
asked May 18, 2009 by fmsf

I'm doing an XSS report for my university, and I'm doing some tests with calling external webpages using AJAX.

The code I'm using for this example is very simple, and one of my target case-studies is to be able to call an outside web-page via AJAX with cross site disabled.

Note:

I only plan to use this on Firefox, and I am not concerned about IE compatibility.

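<script>
    var xmlhttp = new XMLHttpRequest();
    // Show the response body once the request has completed (readyState 4).
    xmlhttp.onreadystatechange = function () {
        if (xmlhttp.readyState == 4) {
            alert(xmlhttp.responseText);
        }
    };
    // Asynchronous GET to a different origin than the page running this script.
    xmlhttp.open("GET", "http://example.com", true);
    xmlhttp.send(null);
</script>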

Now the problem here is that "uncaught exception: Access to restricted URI denied (NS_ERROR_DOM_BAD_URI)" is thrown. I've been searching around and the best piece of information I found to bypass this was using jQuery with JSON, but that doesn't suit me, and another example was this one (in French).

Can anyone explain to me how to do this? Or is it just unsolvable due to the same origin policy?

Edit:

If anyone knows, how does Google post the values through Google Analytics? Or does this problem only happen for GET and not for POST? Some help would be nice.
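
An added example, not part of the original post: a simplified JavaScript model of the check a CORS-capable browser applies to the request above, showing that the response only becomes readable when the target server opts in. The page URL `http://university.example/report.html`, the function names and the sample headers are assumptions made for illustration.

```javascript
// Added example: simplified model of the browser-side check, not browser source.
// Covers "simple" requests only (GET, or POST with a form content type): no preflight.

// An origin is scheme + host + port; URL.origin drops default ports for us.
function originOf(url) {
  return new URL(url).origin;
}

// pageUrl: document running the script (hypothetical URL in the samples below).
// targetUrl: the URL passed to xmlhttp.open().
// headers: response headers from the target server, lower-case keys (constructed).
// withCredentials: mirrors XMLHttpRequest.withCredentials.
function canReadResponse(pageUrl, targetUrl, headers = {}, withCredentials = false) {
  const page = originOf(pageUrl);
  if (page === originOf(targetUrl)) {
    return { allowed: true, reason: 'same origin' };
  }
  const acao = headers['access-control-allow-origin'];
  if (acao === undefined) {
    return { allowed: false, reason: 'cross-origin and no Access-Control-Allow-Origin' };
  }
  if (withCredentials) {
    // Cookies are only exposed to an explicitly named origin, never to "*".
    const credOk = acao === page && headers['access-control-allow-credentials'] === 'true';
    return { allowed: credOk,
             reason: credOk ? 'named origin, credentials allowed'
                            : 'credentialed request needs exact origin and allow-credentials' };
  }
  const ok = acao === '*' || acao === page;
  return { allowed: ok,
           reason: ok ? 'server opted in' : 'Access-Control-Allow-Origin names another origin' };
}

// Constructed sample cases: the request from the question, then server-side opt-ins.
const PAGE = 'http://university.example/report.html';
const cases = [
  ['no CORS header', 'http://example.com/', {}, false],
  ['wildcard opt-in', 'http://example.com/', { 'access-control-allow-origin': '*' }, false],
  ['wildcard + cookies', 'http://example.com/', { 'access-control-allow-origin': '*' }, true],
  ['same origin', 'http://university.example:80/data', {}, false],
];
for (const [label, target, headers, creds] of cases) {
  const r = canReadResponse(PAGE, target, headers, creds);
  console.log(`${label}: ${r.allowed ? 'readable' : 'blocked'} (${r.reason})`);
}
```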
