[jQuery] Cross site scripting query
Hi
Is there any additional security restriction on code that is
dynamically loaded into a page. Or on .post requests of type json?
As per the code below I am trying to create a bookmarklet which
references a web service but I'm getting the following error when
accessing from a different domain.:
uncaught exception: Access to restricted URI denied
(NS_ERROR_DOM_BAD_URI)
[Break on this error] xhr.open(type, s.url, s.async);
The code is
var s=document.createElement('script');
s.setAttribute('src', 'http://code.jquery.com/jquery-nightly.js');
document.getElementsByTagName('body')[0].appendChild(s);
s.onload=function(){
url = window.location.href;
var name='Someone';
var question = 'something';
var details='';
$.post("http://chief:8080/parse_place", { url: url },
function(data){
if (data.request_dom != '') {
console.log('got request');
question = eval(data.request_dom);
}
if (data.details_dom != '') {
console.log('got details');
details = eval(data.details_dom);
}
if (data.requester_dom != '') {
console.log('got requester');
name = eval(data.requester_dom);
}
}, "jsonp");
alert(name+" asked '" + question + "''\n\n" + details + "\n\nURL: " +
url);
};
void(s);
Any advice on working around the security issue if possible
appreciated.
Many thanks
.M.