Comments on: CSSHttpRequest: cross-domain Ajax using CSS for transport. http://ajaxian.com/archives/csshttprequest-cross-domain-ajax-using-css-for-transport Cleaning up the web with Ajax Thu, 17 May 2012 07:43:39 +0000 hourly 1 http://wordpress.org/?v=3.3.2 By: borisreitman http://ajaxian.com/archives/csshttprequest-cross-domain-ajax-using-css-for-transport/comment-page-1#comment-273285 borisreitman Sun, 03 May 2009 13:59:24 +0000 http://ajaxian.com/?p=4880#comment-273285 Checkout http://code.google.com/p/crossxhr/ for an alternate implementation based on flash. Checkout http://code.google.com/p/crossxhr/ for an alternate implementation based on flash.

]]> By: Aimos http://ajaxian.com/archives/csshttprequest-cross-domain-ajax-using-css-for-transport/comment-page-1#comment-268406 Aimos Sat, 25 Oct 2008 12:44:04 +0000 http://ajaxian.com/?p=4880#comment-268406 I could write CSS as JSON like here http://www.featureblend.com/css-json.html and ajax it with jquery onReady and attach like so all css at the end. CSS these days gets very huge. The only problem would be the caching of the actual css file. If it would be possible to do that and at the end attach via jquery an external css file to the dom and the browser caches that file. It could be fast. May be ... no idea :D I could write CSS as JSON like here http://www.featureblend.com/css-json.html and ajax it with jquery onReady and attach like so all css at the end. CSS these days gets very huge. The only problem would be the caching of the actual css file. If it would be possible to do that and at the end attach via jquery an external css file to the dom and the browser caches that file. It could be fast. May be … no idea :D

]]> By: Jordan http://ajaxian.com/archives/csshttprequest-cross-domain-ajax-using-css-for-transport/comment-page-1#comment-268403 Jordan Sat, 25 Oct 2008 05:05:38 +0000 http://ajaxian.com/?p=4880#comment-268403 "...untrusted third-party JavaScript cannot execute in the context of the calling page." What about loading a CSS file with: body {width:expression("alert('code');")} “…untrusted third-party JavaScript cannot execute in the context of the calling page.”

What about loading a CSS file with:

body {width:expression(“alert(‘code’);”)}

]]> By: PeterMichaux http://ajaxian.com/archives/csshttprequest-cross-domain-ajax-using-css-for-transport/comment-page-1#comment-268401 PeterMichaux Fri, 24 Oct 2008 21:56:19 +0000 http://ajaxian.com/?p=4880#comment-268401 VK on comp.lang.javascript did similar hacky things http://jsnet.sourceforge.net/ I wouldn't use this technique. Too hacky. VK on comp.lang.javascript did similar hacky things

http://jsnet.sourceforge.net/

I wouldn’t use this technique. Too hacky.

]]> By: Hans Schmucker http://ajaxian.com/archives/csshttprequest-cross-domain-ajax-using-css-for-transport/comment-page-1#comment-268400 Hans Schmucker Fri, 24 Oct 2008 20:31:51 +0000 http://ajaxian.com/?p=4880#comment-268400 Whenever a non local image is drawn onto a canvas it becomes "tainted" and won't allow for pixel level manipulation anymore. They thought of that :) Whenever a non local image is drawn onto a canvas it becomes “tainted” and won’t allow for pixel level manipulation anymore. They thought of that :)

]]> By: Spocke http://ajaxian.com/archives/csshttprequest-cross-domain-ajax-using-css-for-transport/comment-page-1#comment-268399 Spocke Fri, 24 Oct 2008 18:21:51 +0000 http://ajaxian.com/?p=4880#comment-268399 Hacks like this isn't that future proof. But they are still interesting. :) But I think the window.name approach is cleaner even though it is also a hack. Hacks like this isn’t that future proof. But they are still interesting. :) But I think the window.name approach is cleaner even though it is also a hack.

]]> By: blinkingmarquee http://ajaxian.com/archives/csshttprequest-cross-domain-ajax-using-css-for-transport/comment-page-1#comment-268398 blinkingmarquee Fri, 24 Oct 2008 16:52:01 +0000 http://ajaxian.com/?p=4880#comment-268398 of the CANVAS tag the above should have said of the CANVAS tag the above should have said

]]> By: blinkingmarquee http://ajaxian.com/archives/csshttprequest-cross-domain-ajax-using-css-for-transport/comment-page-1#comment-268397 blinkingmarquee Fri, 24 Oct 2008 16:51:28 +0000 http://ajaxian.com/?p=4880#comment-268397 Does not work in Opera 9.6 unfortunately. Could an exploit of the tag's getPixel() allow similar data passing cross domain from picture files? Seems like this has already been thought of in Opera 9.x Does not work in Opera 9.6 unfortunately.

Could an exploit of the tag’s getPixel() allow similar data passing cross domain from picture files? Seems like this has already been thought of in Opera 9.x

]]> By: ThomasHansen http://ajaxian.com/archives/csshttprequest-cross-domain-ajax-using-css-for-transport/comment-page-1#comment-268394 ThomasHansen Fri, 24 Oct 2008 16:28:08 +0000 http://ajaxian.com/?p=4880#comment-268394 Funny, unfortunately probably not anything more than funny though ... ;) My guess is that this will only work until most browser vendors figures it's actually a security hole or something... Funny, unfortunately probably not anything more than funny though … ;)
My guess is that this will only work until most browser vendors figures it’s actually a security hole or something…

]]>