Tuesday, 7th December 2010
Why do browsers allow cross-domain JavaScript to execute but not XMLHttpRequests?
It’s called the Same Origin Policy, and it’s principally about intranets. Imagine you have a URL http://intranet.corp/top-secret-...—and you then visit http://evil.example.com/ . If cross domain XHR was allowed the evil site could suck that secret document off your intranet without you realising.
[... 105 words]What are the underlying, unspoken values of TED?
Not unspoken, but the ten commandments they send out to their speakers are pretty interesting: http://www.ted.com/pages/360
[... 31 words]