On the drive to work today, I started wondering what it would take to stop cross-site scripting. Not from a website perspective - because god knows that’s such a huge task it would take forever to accomplish. But rather, what would happen if all the browsers, on the same day at the same time, decided to shut off remote script includes? That would be great from a web application security perspective, but what exactly would break if that happened? A lot is the short answer, but here are a few things that make Fortune 500 type companies rely on it:
AJAX: Information super-highway 2.0, here we come! Tons of applications are starting to request off-host XML files to include in their website. It’s the new way to deliver content without refreshing the page. If we got rid of it, what would happen? Well, we’d probably go back to refreshing the web page, or using some other cross-domain software, like Flash. I doubt anyone is giving up on this one any time in the near future.