Embeddable gists are another example: <script src="https://gist.github.com/javan/7725255.js"></script>

On Monday, December 2, 2013 2:11:24 PM UTC-5, Xavier Noria wrote:
>
> On Mon, Dec 2, 2013 at 7:43 PM, Egor Homakov <[email protected]> wrote:
>
>> I am trying to imagine "dynamically generated public JavaScript" but 
>> nothing comes to my mind.
>>
>
> This is an old trick.
>
> Your service provides a small JavaScript snippet for hosting sites to 
> embed. The snippet generates a SCRIPT tag in the hosting DOM whose creation 
> triggers a (GET) request to fetch JavaScript from the central service, in 
> the provider's domain. That as you know is not subjected to the same-origin 
> policy, hence the technique.
>
> See for example the snippet of Disqus:
>
>     http://disqus.com/admin/universalcode/
>
> The response contains JavaScript, whose evaluation injects content in the 
> host page.
>
> The user browsing the hosting website is not a user of the service 
> provider, users may not even realize there is a centralized service 
> providing that section of the page.
>
>
>  
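
The exchange described in the quoted message, sketched from both sides as an added example (not code from this thread, from Disqus, or from Rails). The provider origin, site id, element id and function names are hypothetical, and a small fake DOM stands in for the browser so the block runs under Node.

```javascript
// Constructed sample data: public comments for one hosting site.
const SAMPLE_COMMENTS = [{ author: "ann", text: 'He said "hi"); //' }];

// Provider side (hypothetical): JavaScript body returned for
// GET /embed.js?site=<id>. The data is keyed by site id only; nothing in
// it depends on the visitor's cookies or session, so it is public.
function renderEmbedResponse(siteId, comments) {
  // JSON.stringify emits a valid JS literal, so comment text stays data
  // and cannot break out of the string into code in the host page.
  const payload = JSON.stringify({ siteId, comments });
  return `(function (data) {
    var box = document.getElementById("embed-thread");
    data.comments.forEach(function (c) {
      var p = document.createElement("p");
      p.textContent = c.author + ": " + c.text; // text, not markup
      box.appendChild(p);
    });
  })(${payload});`;
}

// Host side: the small snippet the hosting site pastes into its page.
function hostSnippet(document, providerOrigin, siteId) {
  const s = document.createElement("script");
  s.src = providerOrigin + "/embed.js?site=" + encodeURIComponent(siteId);
  s.async = true;
  document.head.appendChild(s); // in a browser this triggers the GET
  return s;
}

// Minimal stand-in for a browser DOM (assumption, for offline running).
function makeFakeDocument() {
  const node = (tag) => ({ tag, children: [], textContent: "",
    appendChild(c) { this.children.push(c); return c; } });
  const byId = { "embed-thread": node("div") };
  return { head: node("head"), createElement: node,
    getElementById: (id) => byId[id] };
}

// Host runs the snippet; the "browser" fetches src and evaluates the body
// with the host page's document, exactly the trust the host is granting.
function simulate(comments) {
  const document = makeFakeDocument();
  const tag = hostSnippet(document, "https://provider.example", "blog-42");
  const body = renderEmbedResponse("blog-42", comments);
  new Function("document", body)(document);
  const box = document.getElementById("embed-thread");
  return { src: tag.src, rendered: box.children.map((p) => p.textContent) };
}
```
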

-- 
You received this message because you are subscribed to the Google Groups "Ruby 
on Rails: Core" group.