Home/ Questions/Q 1030623
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-16T12:43:48+00:00

Just curious if anyone can explain to me why I can request a page

  • 0

Just curious if anyone can explain to me why I can request a page from a bookmarklet like this one:

javascript:var%20s=document.createElement('script');var data=encodeURI(location.href)+encodeURI('\n\n')+(encodeURI(document.getElementsByTagName('body')[0].innerHTML));s.setAttribute('src','http://example.com/remote.php?id=68&act=new&data='+data);document.getElementsByTagName('body')[0].appendChild(s);void(s);

Which goes out and request a page and can even provides GET-variable input.

However, I can’t make a post/get XHR with ajax through something like jQuery due to same origin policy… Why? Is this a browser issue or part of standards?

note: I changed the bookmarklet.
Note 2: My question is why isn’t this a violation of policy?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The difference is that you cannot (directly) read the response that becomes the <script> element.

    If the URL happens to return Javascript that defines useful functions, you can use it.
    If it contains anything else (such as JSON or XML data), you cannot read the response.

    Similarly, you can make an <img> element that points to an image in a different domain.

    • 0