Wednesday, August 27, 2008

IE6 XMLHttpRequest same-origin policy

In IE6, there is no native XMLHttpRequest object, but we can use ActiveXObject('Msxml2.XMLHTTP') for the same purpose. The same-origin policy also applies to ActiveXObject in IE6, though there might be exceptions. There is a setting called "Access data sources across domains" for the Internet, intranet, and trusted sites zones. If it is set to enable in the Internet/intranet/trusted sites zones and the page that tries to access data in a different domain falls into one of those zones, you won't get the permission denied exception. If the option is set to false, you will get the exception.

Monday, August 25, 2008

Safari's defect on same-origin policy?

The XMLHttpRequest object follows the same-origin security policy, which means you can't use it to request data from another domain. For example, if the web page is hosted in domain http://www.domain.com, it is forbidden to request data from http://www.domain1.com using XMLHttpRequest. You will get a permission denied exception when you try to call the open() method.

Same origin means same protocol, same host and same port. However, it looks like different browsers interpret this in different ways. I had a SCORM course, which is hosted in domain http://www.domain.com, but the requested app is located in domain http://www.domain.com:80. I didn't have any issue with IE and Firefox, but in Safari, I got a permission denied exception. I am wondering if this violates the same-origin policy in Safari.

Interesting discussion here on bypassing the same-origin policy for the XMLHttpRequest object in Firefox and IE.

PS: According to RFC 1738, the port defaults to 80 if the port is omitted. After I got rid of the 80 port number in the URL for the requested app, it works in Safari. Unlike IE and Firefox, I guess Safari literally checks the URL for the domain.


Thursday, August 21, 2008

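Taking care of the little one is such a hassle

I can't help coming on here to grumble: this little one is just too hard to look after. First, he won't nurse properly. He is too lazy to feed, so every time Mom has to pump the milk out and he will only drink it from the bottle, which takes him no effort. Great, that wears out Mom and wears out Dad too. Washing and steam-sterilizing the bottles takes plenty of time as well. At least we are spared washing diapers, since we just use disposable ones, but changing diapers takes time too. We have to change about 10 a day, and my wallet has been pooped empty by this little one. And every time it's a wet one, he screams like a pig being slaughtered; we have never once had an easy change. Then when it's time to eat, he grabs at it fiercely like a bandit and cries hard if he can't get it. After feeding, he has gas in his tummy and starts kicking wildly, his little face turning bright red. Trying to burp him isn't easy either; every time Mom and Dad and Grandpa and Grandma have to take turns until the burp comes out. All that is tolerable, but the really annoying part is that the little one doesn't sleep well at night. Every time, after feeding and a diaper change, he is still fussing and whimpering, so nobody gets a good night's sleep. The day before yesterday he finally reached his one-month mark. I hope the little one will be considerate of Mom, Dad, Grandpa and Grandma, eat nicely and sleep well...

Here are a couple of after-bath photos

And a photo with big sister Ally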


Tuesday, August 5, 2008

encode AICC data in JavaScript

The AICC data in the putparam command needs to be encoded before sending the HTTP request, and there are several JavaScript methods for encoding strings: escape, encodeURI, encodeURIComponent. Here is the article describing the difference between them. However, none of those three quite meets the requirements, because all of them skip some unsafe characters. For example, escape and encodeURI skip the unsafe character "/", and encodeURIComponent skips the unsafe character "'".

Since "+" will be decoded to a space on the server, it needs to be encoded before sending the AICC data. This makes escape() the last one we should choose, and encodeURI skips a lot of unsafe characters besides "+". So it looks like encodeURIComponent is the best choice, but we need to be careful about "'" and "~".
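
The comparison above, worked through as an added example (not code from the original post): it lists the punctuation each built-in leaves unencoded and wraps encodeURIComponent so that "'" and "~" are encoded too. The function names, the form field names and the sample data are assumptions, and encoding "!", "(", ")" and "*" as well goes beyond what the post calls for.

```javascript
// Added example: compare what escape, encodeURI and encodeURIComponent leave
// unencoded, then encode an AICC data value so those characters do not survive.

// Every printable ASCII character, space (0x20) through "~" (0x7E).
const PRINTABLE = Array.from({ length: 95 }, (_, i) => String.fromCharCode(32 + i));

// Punctuation that an encoder passes through unchanged (letters and digits omitted).
function passedThrough(encoder) {
  return PRINTABLE.filter((c) => !/[A-Za-z0-9]/.test(c) && encoder(c) === c).join('');
}

// encodeURIComponent, plus the characters it skips that the post warns about
// ("'" and "~"); "!", "(", ")" and "*" are added here as a generalization.
function encodeAiccValue(value) {
  return encodeURIComponent(value).replace(
    /[!'()*~]/g,
    (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase()
  );
}

// Assumed request layout: form-encoded fields named command, session_id, aicc_data.
function buildPutParamBody(sessionId, aiccData) {
  return [
    'command=PutParam',
    'session_id=' + encodeAiccValue(sessionId),
    'aicc_data=' + encodeAiccValue(aiccData),
  ].join('&');
}

// Constructed sample data, not taken from a real course.
const SAMPLE = "[core]\r\nlesson_location=page/3\r\n[comments]\r\nit's 1+1 ~ 2";

console.log('escape skips:            ', passedThrough(escape));
console.log('encodeURI skips:         ', passedThrough(encodeURI));
console.log('encodeURIComponent skips:', passedThrough(encodeURIComponent));
console.log('encodeAiccValue skips:   ', passedThrough(encodeAiccValue));
console.log(buildPutParamBody('constructed-session', SAMPLE));
```

Only "-", "." and "_" pass through encodeAiccValue unchanged, and decodeURIComponent on the server side recovers the original value.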
