<script> tags aren't subject to cross-___domain restrictions. Think about i... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

feross on Sept 11, 2010 | parent | context | favorite | on: Heard of Google Instant? Well, I built YouTube Ins...

<script> tags aren't subject to cross-___domain restrictions. Think about it - all those website statistics scripts are hosted on external servers, but their Javascript gets executed just fine. By dynamically inserting <script> tags into the page, you can force Javascript from another ___domain to execute in your ___domain.

shajith on Sept 11, 2010 [–]

Got it, thanks. I finally got around to learning JSONP.

JQuery's $.ajax API handles it automatically for you too (if you use the 'jsonp' or 'script' dataType options), which is very nice.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact