ok i understand
but how does plugins like thickbox or some balloon tips handle the get
from other domains.
in that plugins you can say get me the content from for example
google.
do they all manage this via iframe?
William schrieb:
> You just described a basic XSS attack, browsers generally do not allow
> cross-domain XHR because of that. You can get around it by using your
> own domain as a proxy for JSONP.
>
> On Jan 27, 2:43 pm, Trend-King <i...@trend-king.de> wrote:
> > hello i havea question about how saveis jquery and JSON.
> >
> > i use $ajax({url:url,datatype:json...}) to get a markup of JSON items
> > that updates the dom of my page via the success function passing the
> > response to an function.
> > and $.each the items to update the html of the element.
> >
> > in that funktion that manages the items i have a markup before that
> > checks if the JSON got an markup of url to get. if it is so i pass
> > that url to another funktion of $ajax({url:that url...}) with gets me
> > the changed content for the middle of my page and updates the html.
> >
> > so my question is how save this is. for example if there will be an
> > not from me url and gets the html for the middle of the page from
> > extern by injecting or hacking.
> >
> > i hope i wrote this to understand my question...
> >
> > greet and thanks for your reply
