Cross-site AJAX with FF3
One of AJAX developers’ first stresses was cross-side scripting. With all these data APIs that are available in XML or JSON, one could easily fetch it with a XMLHttpRequest and parse it right on the client. There are a few hacks around this, being the simpliest a “small proxy script” in the same server your application. Other solution used by many websites that isn’t as simple, but easier to distribute is including code with the script tag since it allows code from other domains. So this is a demanded features.
According to W3C Access Control working draft, Firefox 3 now supports cross-site XMLHttpRequests. You can set a resource to be accessible for all other domains, or specify the ones allowed through the HEADER or the XML way.
I believe now the code will be more equaly distributed between the client and server. Browsers that support Javascript should run in computers with some processing capabilities (even iPhones, Android, WM and even normal phones that will be supporting javascript in a few years) and I can even see some Javascript-only applications using CouchDB as a database (with read-only privileges for external connections).
Only waiting for Microformat support to come out :) And by the way, FF3 is already my main browser in the mac!
Ricardo Portela
The problem is the time it will take for us to be able to use it in a production service...
Just a small correction:
It's called Cross Site Scripting [XSS] (see: http://en.wikipedia.org/wiki/Cross-site_scripting)
Another problem that comes in the "bag" is Cross Site Request Forgery [XSRF] (see: http://en.wikipedia.org/wiki/Cross-site_request_forgery)
Probably you already know them, just for reference and context for some readers.