[EMAIL PROTECTED] wrote: > I think there must be something here that I am missing. Can somebody > point me to what the rules are now? (I found the post of BZ from > 2006).
The rules are that you can no longer change the origin of a document. This means: 1) You can only document.load() documents from URIs that are same-origin with the document you're calling load() on. If you created the document from scratch, the URIs need to be same-origin with the code that called createDocument(). 2) If you want to create a document from a string, use DOMParser. 3) If you need to create a document by parsing data that lives at a URI you're not same-origin with, use XMLHttpRequest. -Boris _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
