> However, relying on this behavior may be risky - > the Douglas Crockford quote on the > following page comes to mind:
In fact, it is the complete opposite of 'risky' - it is very safe. It's not going to change anytime in the foreseeable future (considering that it would require every single browser manufacturer to, first deem it as being a security hole, then fix it independently of each other). IMO, I don't consider the loading of remote scripts to be a security hole at all - and that many browser-based security restrictions are way to tight as it is. Right now you can do much more damaging things with Iframes (see: What's currently possible for remote scripting in Dojo) than anything that can be accomplished with script tags. Look at Crockford's proposed JSONRequest object - it's borderline unusable due to all the security restrictions that are in place - forcing them to only work in the most controlled of situations. Of course, maybe I'm just bitter because I'm constantly trying to find ways of doing cross domain requests - and am being foiled at every step of the way ;-) --John _______________________________________________ jQuery mailing list [email protected] http://jquery.com/discuss/
