O'Reilly logo

Learning jQuery Third Edition by Karl Swedberg, Jonathan Chaffer

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Security limitations

For all its utility in crafting dynamic web applications, XMLHttpRequest (the underlying browser technology behind jQuery's Ajax implementation) is subject to strict boundaries. To prevent various cross-site scripting attacks , it is not generally possible to request a document from a server other than the one that hosts the original page.

This is typically a positive situation. For example, some cite the implementation of JSON parsing by using eval() as insecure. If malicious code is present in the data file, then it could be run by the eval() call. However, as the data file must reside on the same server as the web page itself, the ability to inject code in the data file is largely equivalent to the ability to inject code ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required