In the non WP part of the site there are only a few templates that can be used effectively …because the templates in question would be used by more than one page the RSS WP content shows up everywhere the template is used.

The non WP part of the site uses Qcodo and Ajax. The qcodo controls are in files that have been encrypted. So what if I want to show content from the non WP part of the site in the WP part of the site? This content doesn’t come with RSS.

So I went looking for other solutions:Scraping.

With scraping I can create a WP page and put whatever I want in it then include this page in the non WP part of the site using the techniques either from this tutorial or the one from Net Tuts.

Rubbish: what solution do you propose other than scraping?

Ashley: is this safe to do if the content is from the same website/domain?

I see your point about XSS from an external point of view if you don’t control the domain or content, this wasn’t however the case in my original solution so wasn’t a problem.

maybe you should check this tutorial out from the reputable Nettuts.com, a little more complex but the the same outcome.

As I have said previously its nice to use your name rather than hide anonymously.

The fact is, if the user has scripting on their page (HTML), you scape their page and incorporate their HTML (to be parsed with jquery) that active content will have access to your page, will not be subject to cross-domain restrictions and will have control over any content or cookies set by your server.

You will be subjected to cross site scripting in the exact same way as if you had an input form which you echoed back to the user.

I know this because I have done it myself to idiots.

Remember, when you use CURL to request a page, that request is being sent with a particular signature that identifies it as a non-browser request (the user agent is all wrong, there are more hints as well) , also, the IP address will be that of YOUR server, not that of a user ISP.
Therefore, the target can recognize and send you targeted text back, that can result in an unfriendly site experience. They could even send back javascript that could parse and steal the log in cookie of whomever is viewing!

Remember back when Hotlinking graphic files was an issue and people used to substitute offensive files in the place of the hotlinked files?

In any event, the scraped content no constitutes INPUT and will have to be SANITIZED the same way you sanitize ALL input before including it in a page.

You can do this all with PHP, no need to write “serious regEX” a short google for PhpHTML dom
http://simplehtmldom.sourceforge.net/ will provide all you need.

The problem I had at work was that we had 2 sub domains that we needed to make ajax requests on, so they were owned by us.

If you’d left your real name and email address I could have emailed you personally as you’ve clearly got the wrong end of the stick.