Hi Wilhelmsen, 2008/11/7 Wilhelmsen Tor Iver <[EMAIL PROTECTED]>
> > that XMLHttpRequest.open(...) are disallowed if they target > > for another domain, than the one the document is in? > > Like disallowing cross-site calls? > > Yes, to avoid cross-site scripting attacks; remember Javascript has > globally accessible objects so if cross-site scripting was allowed then > an attacker could make a script which went through the browser's open > documents looking for a particular library and modify that. > > Presumably a signed Javascript will be allowed to perform a cross-site > connection. > thanks for the confirmation, this helps to understand an issue I have while developing wicket-contrib-gmap2. It was noticed that a map can't be initally added to a page within an ajax call. As I understand now this is because wicket-ajax.js is evaluating the HeaderContributions needed for the GMap2 and tries to XMLHttpRequest.open(..) the google javascript file for the gmap from google.com. A solution is quite simpe, as we already did it. The HeaderContribution needs to be added to the page that potentially might load a gmap using ajax later on. thnx, Martin
