* Posts by Porter

1 post • joined 20 Nov 2008

Congratulations, Barack — Now fix your websites

Porter

Same-domain policy 101

> No, it doesn't run "in the context of the page". It runs in the context of the google.com domain.

Yes, it does. When JavaScript is SRC'ed in, it executes in the context of the host domain, not the origin of where the file actually resides.

> Similarly, they can't modify it to steal the admin login from the change.gov website.

Not that they would, but yes they could.

Go read:

http://searchsoftwarequality.techtarget.com/tip/0,289483,sid92_gci1238653,00.html

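The behaviour argued over in the post above, turned into an inventory check a site owner can run (an added example, not part of the original post). It lists every `<script src>` whose file is served from another origin but runs with the including page's origin. The page URL, sample HTML and function names are constructed for illustration, and the `integrity` (Subresource Integrity) check goes beyond what the post discusses.

```javascript
// Added example: flag cross-origin <script src> includes on a page.
// PAGE_URL and SAMPLE_HTML are constructed sample values, not real site data.
const PAGE_URL = 'https://www.example.gov/admin/login';

const SAMPLE_HTML = `
<html><head>
  <script src="/js/site.js"></script>
  <script src="https://analytics.example.com/tracker.js"></script>
  <script src="//cdn.example.net/lib.min.js"
          integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
  <script>var inline = 1;</script>
</head><body></body></html>`;

// Read one quoted attribute value out of a start tag; null if absent.
function attr(tag, name) {
  const re = new RegExp(`\\s${name}\\s*=\\s*(?:"([^"]*)"|'([^']*)')`, 'i');
  const m = re.exec(tag);
  return m ? (m[1] !== undefined ? m[1] : m[2]) : null;
}

// Return every external script whose origin differs from the page's origin.
function thirdPartyScripts(html, pageUrl) {
  const pageOrigin = new URL(pageUrl).origin;
  const found = [];
  for (const [tag] of html.matchAll(/<script\b[^>]*>/gi)) {
    const src = attr(tag, 'src');
    if (src === null) continue;              // inline script, no external file
    const resolved = new URL(src, pageUrl);  // resolves relative and //host forms
    if (resolved.origin === pageOrigin) continue;
    found.push({
      servedFrom: resolved.origin,  // who controls the file's contents
      runsAs: pageOrigin,           // whose DOM and cookies the code can reach
      pinned: attr(tag, 'integrity') !== null, // SRI hash fixes the contents
    });
  }
  return found;
}

console.log(thirdPartyScripts(SAMPLE_HTML, PAGE_URL));
```

Each entry with `pinned: false` is a file whose host can change what executes inside the page's origin at any time.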
