AJAX - The Complete Reference

(avery) #1

320 Part II: Developing an Ajax Library


History Exposure: The Start of a Hack


The same-origin policy is very important from a user privacy and security perspective.
Without it, scripts in active documents from arbitrary domains could snoop not only the
URLs you visit, but the cookies for these sites and any form entries you make. Most modern
browsers do a good job of enforcing this policy, though sadly some older browsers did not.
Yet, even with the same-origin policy in effect, hackers have found a number of ingenious
ways to help themselves to private data, often in seemingly harmless ways, and from small
disclosures they build a variety of compromises.

FIGURE 7-11 Alert the authorities: my XHR has been hijacked!
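The paragraph above describes what the same-origin policy isolates but not how a browser decides that two documents share an origin. The following is an added example, not code from the book or the post: it implements the origin comparison the browser performs (scheme, host and port, with default ports resolved and non-network schemes treated as opaque) and classifies a constructed list of request targets against a page's origin, the kind of check a defensive XHR wrapper would make before attaching credentials. The page URL, the target list and the function names are assumptions for illustration; only the standard WHATWG `URL` class is used.

```javascript
// Added example (not from the book): the origin tuple a browser compares
// under the same-origin policy is (scheme, host, port). Path, query and
// fragment never take part. Uses the standard URL class (Node and browsers).

// Default ports per scheme, so "https://a.example" and "https://a.example:443"
// compare equal even though URL normalises the explicit default port away.
const DEFAULT_PORTS = { "http:": "80", "https:": "443", "ws:": "80", "wss:": "443" };

// Returns {scheme, host, port} for network URLs, or null for schemes such as
// data: and file:, which browsers give an opaque origin that matches nothing.
function originTuple(urlString) {
  const u = new URL(urlString);
  if (!(u.protocol in DEFAULT_PORTS)) return null;
  return {
    scheme: u.protocol,
    host: u.hostname.toLowerCase(),
    port: u.port || DEFAULT_PORTS[u.protocol],
  };
}

// True only when both URLs resolve to the same (scheme, host, port) tuple.
function isSameOrigin(a, b) {
  const x = originTuple(a);
  const y = originTuple(b);
  if (x === null || y === null) return false; // opaque origins never match
  return x.scheme === y.scheme && x.host === y.host && x.port === y.port;
}

// Classifies each target against the document's origin. A defensive XHR
// wrapper would use this to decide whether a request may carry credentials.
function classifyRequests(documentUrl, targets) {
  return targets.map((t) => ({ url: t, sameOrigin: isSameOrigin(documentUrl, t) }));
}

// Constructed sample input (hypothetical hostnames), one case per rule.
const PAGE = "https://shop.example.com/cart?id=7";
const TARGETS = [
  "https://shop.example.com:443/api/cart",  // explicit default port: same origin
  "https://shop.example.com/other/path#x",  // path and fragment ignored: same origin
  "http://shop.example.com/api/cart",       // scheme differs
  "https://api.shop.example.com/cart",      // host (subdomain) differs
  "https://shop.example.com:8443/api/cart", // port differs
  "data:text/plain,hello",                  // opaque origin, never same
];

for (const r of classifyRequests(PAGE, TARGETS)) {
  console.log(`${r.sameOrigin ? "same-origin " : "cross-origin"}  ${r.url}`);
}
```

Note that `api.shop.example.com` is cross-origin to `shop.example.com`: the comparison is on the full host string, not on a shared parent domain, which is why cookie scope (domain-based) and script access (origin-based) do not line up and why the small disclosures the text mentions can add up.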