I'm building a site and I would like to have external content dynamically loaded in a div using jQuery. The content could be a Google search page, where one can navigate without actually leaving the site. Could someone exploit this and drive to a content of his own and run malicious code inside my site? Are there ways to prevent this? Is using an iframe the best bet?
views: 35
answers: 1
A:
Your main concerns when doing cross-domain AJAX are cross-site request forgery and cross-site scripting. A quick Google search revealed this article. So instead of paraphrasing, I'd just recommend you go and read it and follow some of the links to more in-depth discussions on the exploits you are opening yourself up to.
Kieran Hall
2009-09-18 09:29:50
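An added example, not part of the original question or answer: one way to take the iframe route the question asks about. Markup inserted into a div with jQuery runs with your page's origin, while a sandboxed iframe keeps the external page in a separate one. The helper names and the `search.example.com` allowlist entry are assumptions made for illustration.

```javascript
// Added example. ALLOWED_ORIGINS and the function names are hypothetical;
// the hosts below are constructed sample values.
const ALLOWED_ORIGINS = new Set(['https://search.example.com']);

// Parse with the URL class and compare the full origin. Substring or prefix
// checks are fooled by hosts such as search.example.com.evil.test.
function isAllowedFrameSrc(raw) {
  let url;
  try {
    url = new URL(raw);              // throws on relative or malformed input
  } catch (e) {
    return false;
  }
  if (url.protocol !== 'https:') return false;    // rejects javascript:, data:, http:
  if (url.username || url.password) return false; // rejects user@host confusion
  return ALLOWED_ORIGINS.has(url.origin);
}

// Escape a value for use inside a double-quoted HTML attribute.
function escapeAttr(s) {
  return s.replace(/&/g, '&amp;').replace(/"/g, '&quot;')
          .replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// Returns iframe markup, or null when the URL is not allowlisted.
// Leaving allow-same-origin and allow-top-navigation out of the sandbox
// keeps the framed page in an opaque origin and stops it from navigating
// the parent page.
function buildSandboxedIframe(raw) {
  if (!isAllowedFrameSrc(raw)) return null;
  const src = escapeAttr(new URL(raw).href);
  return '<iframe src="' + src + '" sandbox="allow-scripts allow-forms"' +
         ' referrerpolicy="no-referrer"></iframe>';
}

// Constructed inputs showing which URLs pass the check.
for (const u of ['https://search.example.com/?q=test',
                 'https://search.example.com.evil.test/',
                 'https://search.example.com@evil.test/',
                 'javascript:alert(1)']) {
  console.log(u, '->', isAllowedFrameSrc(u));
}
```

The framed site must also permit being embedded; a page that sends `X-Frame-Options` or a `frame-ancestors` policy will not render in the iframe.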