You just described a basic XSS attack, browsers generally do not allow cross-domain XHR because of that. You can get around it by using your own domain as a proxy for JSONP.
On Jan 27, 2:43 pm, Trend-King <i...@trend-king.de> wrote: > hello i havea question about how saveis jquery and JSON. > > i use $ajax({url:url,datatype:json...}) to get a markup of JSON items > that updates the dom of my page via the success function passing the > response to an function. > and $.each the items to update the html of the element. > > in that funktion that manages the items i have a markup before that > checks if the JSON got an markup of url to get. if it is so i pass > that url to another funktion of $ajax({url:that url...}) with gets me > the changed content for the middle of my page and updates the html. > > so my question is how save this is. for example if there will be an > not from me url and gets the html for the middle of the page from > extern by injecting or hacking. > > i hope i wrote this to understand my question... > > greet and thanks for your reply