that XMLHttpRequest.open(...) are disallowed if they target
for another domain, than the one the document is in?
Like disallowing cross-site calls?
Yes, to avoid cross-site scripting attacks; remember Javascript has
globally accessible objects so if cross-site scripting was allowed
Hi Wilhelmsen,
2008/11/7 Wilhelmsen Tor Iver [EMAIL PROTECTED]
that XMLHttpRequest.open(...) are disallowed if they target
for another domain, than the one the document is in?
Like disallowing cross-site calls?
Yes, to avoid cross-site scripting attacks; remember Javascript has
globally
Maybe a trivial question,
but do I have to conclude from the W3C spec for XMLHttpRequest.open(...)
http://www.w3.org/TR/XMLHttpRequest/#open
esp. nr. 11
that XMLHttpRequest.open(...) are disallowed if they target for another
domain, than the one the document is in?
Like disallowing cross-site