Security Limitations
For all its utility in crafting dynamic web applications, XMLHttpRequest (the underlying browser technology behind jQuery’s AJAX implementation) is subject to strict boundaries. To prevent various cross-site scripting attacks, it is not generally possible to request a document from a server other than the one that hosts the original page.
This is generally a positive situation. For example, some cite the implementation of JSON parsing by using eval() as insecure. If malicious code is present in the data file, it could be run by the eval() call. However, since the data file must reside on the same server as the web page itself, the ability to inject code in the data file is largely equivalent to the ability to inject code in the page directly. This means that, for the case of loading trusted JSON files, eval() is not a significant security concern.
There are many cases, though, in which it would be beneficial to load data from a third-party source. There are several ways...
