var e=document.createElement('script');
e.setAttribute('language', 'javascript');
e.setAttribute('token', '@testToken');
e.setAttribute('src', 'http://imaginarydevelopment.com/Sfc/Scripts/ClientScripts/AjaxXmlHttp.js');
document.body.appendChild(e);void(0);
e.setAttribute('language', 'javascript');
e.setAttribute('token', '@testToken');
e.setAttribute('src', 'http://imaginarydevelopment.com/Sfc/Scripts/ClientScripts/AjaxXmlHttp.js');
document.body.appendChild(e);void(0);
Notice the token code. That makes it so that in the child script I can pull in which user it is, and make posts to that user's account directly.
We're exchanging private emails on this technique, I thought I'd keep that conversation going... as you say, you can update the script functions without users like me doing anything or even being aware there's a change. This might be a great thing in a trusted environment but -- what's a similar technique where I would have the option (perhaps the requirement) to make a change on my machine in order to accept/adopt changes on your server?
ReplyDeleteI'm not sure such a thing exists. There's a multitude of websites are at the mercy of google's jQuery api hosting with the same trust vulnerability.
ReplyDelete