Hacker News new | past | comments | ask | show | jobs | submit login

Yup...you're right. Maybe the URLs or even embedded within the script. An extension update mechanism (if any?) could bring in new versions.

But now I'm way out into conjectureland. Just thinking out loud here.




In firefox, the only way to do cross domain xhr was to access a javascript object outside of the browser sandbox, make the call, then send the data back. I'd be pretty confident that google chrome's version would have the same security limitations.


Greasemonkey lets you do it - with GM_xmlhttpRequest:

http://diveintogreasemonkey.org/api/gm_xmlhttprequest.html




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: