> that XMLHttpRequest.open(...) are disallowed if they target > for another domain, than the one the document is in? > Like disallowing cross-site calls?
Yes, to avoid cross-site scripting attacks; remember Javascript has globally accessible objects so if cross-site scripting was allowed then an attacker could make a script which went through the browser's open documents looking for a particular library and modify that. Presumably a signed Javascript will be allowed to perform a cross-site connection. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]