Problem using : using dataURL method

[amansukhani]

Hi,

 

 

 

I am using dataURL method to supply XML required by fusion charts. My URL contains parameters that I need in order to create the XML and one of these refers to a physical file location and has the full path - C:myprojectstest.txt. Because of this colon present in the URL I see the following error -

 

 

 

A colon character was found in dataURL, which can be potentially dangerous as it allows XSS attacks. Re-setting dataURL to Data.xml. If you're using absolute URLs (like http://domain.com/...) to provide dataURL, please convert it to relative path for increased security.

 

 

 

Is there a way to work around this?

 

 

 

Thanks.

[FusionCharts Support]

Hi,

You can  not use absoulte path for XML. You need to provide a relative path.

[amansukhani]

Hi,

 

 

 

My URL to the XML content is relative. I am using a parameter in the URL that refers to an absolute path. This is there just to help me generate the XML content. Why should this be disallowed? My URL is of the form -

 

 

 

/viewer/extract?__extractextension=flashchartsxml&__instanceid=%2F0.14&__document=D%3A%5CFusionCharts_Project%5Cruntime-3_25%5Ctest.text&__locale=en_US&__bookmark=%23

 

 

 

I am encoding this URL using escape(url) before setting the dataurl

 

 

 

Thanks.

Edited April 3, 2008 by Guest

[Pallav]

If there are any colons in your dataURL, we disallow it to prevent XSS attacks.

[FusionCharts Support]

Hi All,

You can use a relayer script to fetch your XML and set that to the chart.

We have posted some relayer scripts using various technologies : could you please refer to them?

http://www.fusioncharts.com/forum/Topic3741-27-1.aspx?Highlight=relayer