I’m building a site and I would like to have external content dynamically loaded in a div using jQuery. The content could be a Google search page, where one can navigate without actually leaving the site. Could someone exploit this and redirect it to content of his own and run malicious code inside my site? Are there ways to prevent this? Is using an iframe the best bet?
Your main concerns, when doing cross-domain AJAX, are cross-site request forgery and cross-site scripting. A quick Google search revealed this article. So instead of paraphrasing, I’d just recommend you go and read it and follow some of the links to more in-depth discussions on the exploits you are opening yourself up to.
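To make the difference between the two approaches concrete, here is an added example (not code from the question or the answer above): injecting fetched HTML straight into the page with something like `$('#content').load(url)` executes whatever that HTML carries inside your origin, whereas a sandboxed iframe pointed at an allowlisted host keeps the external document in its own opaque origin. The helpers are written as pure functions so they run in Node as well as in a browser; `ALLOWED_HOSTS` and the URLs used are constructed values, and `$('#content').html(...)` at the end is the assumed jQuery call site.

```javascript
// Added example, not from the original question or answer.
// Hosts this site is willing to embed. Constructed value, not from the page.
const ALLOWED_HOSTS = new Set(["www.google.com"]);

// Escape a string for use as HTML text or inside a double-quoted attribute,
// so a URL containing quotes or angle brackets cannot break out of the tag.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Accept only absolute http(s) URLs whose host is on the allowlist.
// Returns the normalised URL string, or null when the value is rejected.
// This is what stops a caller-supplied value from steering the frame to
// arbitrary content or to a javascript:/data: URL.
function validateEmbedUrl(raw) {
  let u;
  try {
    u = new URL(raw);
  } catch {
    return null; // relative or unparsable input is refused
  }
  if (u.protocol !== "https:" && u.protocol !== "http:") return null;
  if (!ALLOWED_HOSTS.has(u.hostname)) return null;
  return u.href;
}

// Build markup for a sandboxed iframe. The sandbox attribute deliberately
// omits "allow-same-origin": the framed document then runs with an opaque
// origin, so even if it executes scripts it cannot read or modify the
// embedding page, its cookies or its storage. Returns null if the URL
// fails validation, so the caller cannot accidentally embed anything else.
function sandboxedFrameHtml(raw) {
  const url = validateEmbedUrl(raw);
  if (url === null) return null;
  return (
    `<iframe src="${escapeHtml(url)}" ` +
    `sandbox="allow-scripts allow-forms" ` +
    `referrerpolicy="no-referrer"></iframe>`
  );
}

// Unsafe pattern for contrast (kept as a comment, never executed here):
//   $('#content').load(url);   // remote HTML and its scripts run as YOUR origin
//
// Hardened usage in the browser (assumed jQuery call site):
//   const frame = sandboxedFrameHtml(userChosenUrl);
//   if (frame !== null) $('#content').html(frame);

module.exports = { escapeHtml, validateEmbedUrl, sandboxedFrameHtml };
```

One caveat a practitioner should expect: many third-party sites, Google included, send `X-Frame-Options` or a `Content-Security-Policy: frame-ancestors` header that forbids being framed by other origins, so the sandboxed iframe protects your page but does not guarantee the external page will render inside it.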