Start Python at client side from web app

Diez B. Roggisch deets at nospam.web.de
Thu Jan 22 20:40:38 CET 2009


Rob Williscroft schrieb:
> Diez B. Roggisch wrote in news:6tpo16FbacfjU1 at mid.uni-berlin.de in
> comp.lang.python: 
> 
>>> 2) create a localhost web server, for the client side manipulation.
>>> Then have your remote webserver render a form that posts via
>>> javavscript to the localhost webserver.  The localhost server would
>>> post back in the same way.
>> AFAIK the JS security model prevents that.
>>
> 
> Are you thinking of frames?, or the way IE 7 complains about 
> runnning javavscript (though it bizzarly calls it an "running 
> an ActiveX control" )?.

Before posting, I tried a jQuery-ajax-call inside Firebug from some 
random site to google. It bailed out with a security execption.

And I found this:

"""

The Same-Origin Policy
The primary JavaScript security policy is the same-origin policy. The 
same-origin policy prevents scripts loaded from one Web site from 
getting or setting properties of a document loaded from a different 
site. This policy prevents hostile code from one site from "taking over" 
or manipulating documents from another. Without it, JavaScript from a 
hostile site could do any number of undesirable things such as snoop 
keypresses while you’re logging in to a site in a different window, wait 
for you to go to your online banking site and insert spurious 
transactions, steal login cookies from other domains, and so on.
"""

http://www.windowsitlibrary.com/Content/1160/22/1.html

Now there might be ways around this - but these sure are hacky, and not 
exactly the thing to look after.

Diez



More information about the Python-list mailing list