From RDFa Working Group Wiki
Jump to: navigation, search

Using Flash to Enable Pure Javascript RDFa Processors

There is a feature in RDFa 1.1 that requires RDFa Processors to fetch profile documents that are external to the document being processed. This type of behavior is typically denied by Javascript environments due to Cross-Origin attacks.

What is needed is some non-browser mechanism that allows safely fetching remote documents from Javascript. We must be careful to now allow Cross-Origin attacks.

One such mechanism is to use Flash (available in 98% of all browsers) to fetch the remote document. One can specify which cross-origin URLs are allowed via the Flash socket policy file (which must be served from the same domain as the document being parsed). This /could/ enable a site like Facebook (and their OGP partners) to both include and extract RDFa 1.1 from their pages using pure Javascript and a jQuery library.

We could also create a safe caching proxy that would only retrieve @profile documents if they had @profile-related information. We could use the crossdomain.xml policy file to accomplish this.

While the solution wouldn't be as useful as having native browser support of RDFa - it would allow full RDFa 1.1 support without requiring native browser support for @profile.