Location: PHPKode > scripts > Javascript includer > javascript-includer/README.txt
most javascript browsers generation 3 and over support the
<script src="http://..."></script>

among some nice tricks are the ones you can make by using this is having the 
javascript included file do one or more 'document.write("watever here")', which 
will fall exactly where you placed the <script tag.


This php class, and the associated example, will let you include page served from 
anywhere in any javascript enabled browsers, and it works also if you open the 
including page as a file on the filesystem

It is universal in the sense that it lets the included file 
be anywhere, but it will not include 'any' file. If you want to use 
it to include external pages, clean HTML works best. 
Of course, it will javascriptize php pages dynamically generated
from a php enabled webserver

-It enables serving 'inclusions' as banners, news etc. to pages hosted 
 anywhere, even on the filesystem, or on pages on servers that do not 
 have php installed
-It enables appending more external pages to a single document.
-It enables, in conjunction with phplib for example 
 (see : http://lists.netuse.de//phplib/0001/0348.html), remote session 
 tracking.
-It can enable, with some extra parameter, the conditional inclusion 

One thing to notice is that this 'alien written' piece of  javascript or html, with 
regards to cookies, has a whole new header and cookie restrictions 
apply as  a different domain.

Let me know what you think...


Giancarlo
hide@address.com

More findings about the way it works:

-The included document, if not filtered, ha so be somewhat tidy and consistent, 
not frameset, nor containing conflicting or external referencing javascript itself etc.
All relative paths in the included page will obviously be seen as local

-pages that contain Javascript themselves seem to mess up.
-what happens on timouts? would be good to use fgets with a time limit.
-filters? tidy makes a good filter: http://www.w3.org/People/Raggett/tidy/

WARNINGS
/* as of now I simply get the url */
/* you can invent more practical/blocking ways to pass the handle*/

/* and of course you'll want to add some restriction here,
   as it is it can download anything from you filesystem 
   as well, password files etc.
   it is recomended that you don't leave this to the public 
   access as it is. Use it to mediate between some php output
   you generate yourself and can control, this is just an
   example to start playing
*/


WARN !!

cert advisory alert against malicious HTML tags, in particular SCRIPTS
so is definitely better if you know what you have
 
http://www.cert.org/advisories/CA-2000-02.html
Return current item: Javascript includer