2009-04-18

SEC/MSEC go JSONP

You can now slap a JSONP parameter to SEC and MSEC calls to get data in cross-domain-friendly format.

Add something like this to the code in your page, triggered (for example) after the user clicks a link or fills in a form field:

   var sector = "Spinward Marches";
var url = 'http://www.travellermap.com/SEC.aspx' +
'?q=' + encodeURIComponent(sector) +
'&jsonp=myfunction';
var script_tag = document.createElement('script');
script_tag.setAttribute('src',url);
document.body.appendChild(script_tag);

This adds a new <script> element on the fly, filled in with "source code" by TravellerMap.com. The script it generates will look like this:

    myfunction("# Spinward Marches\r\n# blah blah\r\nRegina    1910 ...";

The script will run immediately when it is done loading. So you add a function called "myfunction" (or whatever) to your code and it will be called with a whopping huge string containing the sector data, ready for your parsing needs. Ω

1 comment:

Allen Varney said...

Sorry to show my ignorance here, but doesn't this functionality leave the map site open to -- at the very least -- cross-site scripting (XSS) hacks? The whole procedure sounds quite insecure. But I'm incompetent to judge that, so I apologize if I'm off base.