For all its utility in crafting dynamic web applications,
XMLHttpRequest (the underlying browser technology behind jQuery's Ajax implementation) is subject to strict boundaries. To prevent various cross-site scripting attacks
, it is not generally possible to request a document from a server other than the one that hosts the original page.
This is typically a positive situation. For example, some cite the implementation of JSON parsing by using
as insecure. If malicious code is present in the data file, then it could be run by the
eval() call. However, as the data file must reside on the same server as the web page itself, the ability to inject code in the data file is largely equivalent to the ability to inject code ...