You just described a basic XSS attack, browsers generally do not allow
cross-domain XHR because of that. You can get around it by using your
own domain as a proxy for JSONP.

On Jan 27, 2:43 pm, Trend-King <i...@trend-king.de> wrote:
> hello i havea question about how saveis jquery and JSON.
>
> i use $ajax({url:url,datatype:json...}) to get a markup of JSON items
> that updates the dom of my page via the success function passing the
> response to an function.
> and $.each the items to update the html of the element.
>
> in that funktion that manages the items i have a  markup before that
> checks if the JSON got an markup of url to get. if it is so i pass
> that url to another funktion of $ajax({url:that url...}) with gets me
> the changed content for the middle of my page and updates the html.
>
> so my question is how save this is. for example if there will be an
> not from me url and gets the html for the middle of the page from
> extern by injecting or hacking.
>
> i hope i wrote this to understand my question...
>
> greet and thanks for your reply

Reply via email to