On Fri, 12 Mar 2010 08:35:48 +0100, Brett Zamir <bret...@yahoo.com> wrote:
My apologies if this has been covered before, or if my asking this is a bit dense, but I don't understand why there are restrictions on obtaining data via XMLHttpRequest from other domains, if the request could be sandboxed to avoid passing along sensitive user data like cookies (or if the user could be asked for permission, as when installing browser extensions that offer similar privileges).
Did you see http://dev.w3.org/2006/webapi/XMLHttpRequest-2/ http://dev.w3.org/2006/waf/access-control/ ?
Servers are already free to obtain and mix in content from other sites, so why can't client-side HTML JavaScript be similarly empowered?
Because you would also have access to e.g. IP-authenticated servers. -- Anne van Kesteren http://annevankesteren.nl/
