
Learning jQuery - Fourth Edition by Karl Swedberg, Jonathan Chaffer

Security limitations

For all its utility in crafting dynamic web applications, XMLHttpRequest (the underlying browser technology behind jQuery's Ajax implementation) is subject to strict boundaries. To prevent various cross-site scripting attacks, it is not generally possible to request a document from a server other than the one that hosts the original page.

This is typically a positive situation. For example, it is possible to parse incoming JSON data by calling eval() (unlike jQuery.parseJSON(), which uses safer techniques). If malicious code were present in the file, it would be executed by the eval() call. The JavaScript security model limits the risk here by requiring that the requested file reside on the same server as the web page itself, ...
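The difference between the two parsing approaches, as an added example that is not from the book: a response body that is valid JavaScript but not valid JSON runs its embedded expression under eval(), while a strict parser rejects it. The sketch uses the native JSON.parse (which jQuery.parseJSON() relies on in browsers that provide it) so it runs outside a browser; the response bodies, function names, and the `sideEffectRan` flag are constructed for illustration.

```javascript
// Constructed sample response bodies (not from the book).
const benignBody = '{"term": "ajax", "count": 3}';
// Valid JavaScript, invalid JSON: the "count" value is an expression
// with a side effect (here it only flips a flag so we can observe it).
const hostileBody =
  '{"term": "ajax", "count": (globalThis.sideEffectRan = true, 3)}';

// Unsafe: the body is treated as JavaScript source, so any expression
// embedded in it is executed while the "data" is being built.
function parseWithEval(body) {
  return eval('(' + body + ')');
}

// Safer: a strict JSON parser accepts data only. Anything that is not
// pure JSON raises SyntaxError before any of it can run.
function parseStrict(body) {
  try {
    return { ok: true, data: JSON.parse(body) };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// Run both parsers over the hostile body and record whether the
// embedded expression executed in each case.
function demo() {
  globalThis.sideEffectRan = false;
  const evalResult = parseWithEval(hostileBody);
  const ranUnderEval = globalThis.sideEffectRan;

  globalThis.sideEffectRan = false;
  const strictResult = parseStrict(hostileBody);
  const ranUnderStrict = globalThis.sideEffectRan;

  return {
    evalResult,
    ranUnderEval,
    strictResult,
    ranUnderStrict,
    benign: parseStrict(benignBody),
  };
}

console.log(demo());
```
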
