Monday, August 25, 2008

Same origin policy

After reading about all those cross-domain attacks, I was wondering how browsers protect a naive user from scripts on one domain manipulating a page displayed from another. The protection works because all browsers follow the same origin policy. The same origin policy prevents a document or script loaded from one origin from getting or setting properties of a document from a different origin.
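The check described above, sketched as an added example (not code from the original post). It assumes the usual definition of an origin as the scheme, host and port of a URL; the function names and the example.com hostnames are constructed for illustration, and only http/https URLs are given a comparable origin here.

```javascript
// Added illustration of the same origin comparison. Names are hypothetical.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Reduce a URL to its (scheme, host, port) tuple.
// Returns null for URLs treated as having an opaque origin in this sketch
// (data:, file:, about: ...), which never match anything, even themselves.
function originTuple(rawUrl) {
  const u = new URL(rawUrl);
  if (!(u.protocol in DEFAULT_PORTS)) return null;
  return {
    scheme: u.protocol.slice(0, -1),            // "http:" -> "http"
    host: u.hostname,                           // parser lowercases the host
    port: u.port || DEFAULT_PORTS[u.protocol],  // "" means the default port
  };
}

// Two URLs share an origin only if all three parts are identical.
function sameOrigin(a, b) {
  const oa = originTuple(a);
  const ob = originTuple(b);
  if (oa === null || ob === null) return false;
  return oa.scheme === ob.scheme && oa.host === ob.host && oa.port === ob.port;
}

// The decision made when a script running in `scriptPage` tries to get or
// set properties of `targetDocument` (for example a document in a frame).
function checkAccess(scriptPage, targetDocument) {
  return sameOrigin(scriptPage, targetDocument) ? "allow" : "deny";
}

// Constructed sample URLs.
const page = "http://shop.example.com/cart/view.html";
const targets = [
  "http://shop.example.com/account/settings.html", // path differs only
  "http://SHOP.example.com:80/help",               // case and explicit default port
  "https://shop.example.com/cart/view.html",       // scheme differs
  "http://shop.example.com:8080/cart/view.html",   // port differs
  "http://example.com/cart/view.html",             // parent domain
  "http://pay.example.com/cart/view.html",         // sibling subdomain
  "data:text/html,<p>hi</p>",                      // opaque origin
];

for (const t of targets) {
  console.log(checkAccess(page, t).padEnd(6), t);
}
```

Note that the path plays no part in the decision, while a different subdomain, scheme or port is enough to deny access.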

More details on the same origin policy are available on the Google help pages.
