CSSHttpRequest (via) Devious cross-domain Ajax hack that uses CSS for transport (@import rules with data URIs, but it still works in IE). Similar to JSONP but safer, since JSONP can cause arbitrary JavaScript to execute.
Perfect. Ideal hack; makes you sit open-mouthed with wonder and go "ugh! ugh! that's horrid!" all at the same time. I have no better description of a great piece of work.
Also, didn't know about the about: URI approach...
Am I the only one thinking *YUK*!?
Please, just use a safe proxy if you really want to do cross-domain stuff, or wait for the new standards. This is just *nasty* imo
(great hack though of course, respect to the find)
IE6/IE7 can run JavaScript inside CSS, right? And I remember Firefox 3 already has cross-domain XHR support, and IE8 also has its own cross-domain XHR plan.
So I think CSSHttpRequest is not very useful to provide security in the world...
gslin - 24th October 2008 08:09 - #
Pretty much every browser can execute JavaScript expressions of some sort in CSS. CSSHttpRequest suppresses this by using media="print".
Also, waiting for browsers’ cross-domain XHR implementation isn’t exactly an option for developers *today*.