Due to "security reasons" many Web Browsers doesn't allow cross domain XMLHttpRequests. In fact this is only troublesome for web developers and not for virus coders/crackers/etc. Some time ago there was presetened a technic which used cssText property to perform some cross domain requests. After some research I was able to create an object that has some part of original XMLHttpRequests functionality and allows Cross Domain requests. In conclusion Web Browers Developpers should allow some limited cross domain XMLHttpRequests. My implementation (MyXMLHttpRequest) uses script tag but it is possible to use different ones (for instance style). It was tested on all modern web browsers. PoC: http://sectroyer.110mb.com/ It uses both XMLHttpRequest and MyXMLHttpRequests. Michal Majchrowicz.
This archive was generated by hypermail 2.1.3 : Thu Apr 19 2007 - 18:36:20 PDT