Class Ajax applications, JavaScript cross-origin access

I have an application similar to Ajax here. The key technology is the application of the src attribute of the <SCRIPT> tag.

Please refer to the following HTML code

<HTML> 
Love index: <span id = "love" style = "color: Violet"> click test to obtain data </span> <br> rain index: <span id = "Rain" style = "color: Blue"> click "test" to obtain data. </span> <br> nutrition index: <span id = "nutri" style = "color: Green"> click "test" to obtain data. </span> <br> level: <span id = "Gardener" style = "color: #996633"> click "test" to obtain data. </span> </body> 
 
You can copy the above Code to your local computer and open it with IE or Firefox. click the button.
I found that I didn't click New pages to achieve dynamic results, and the returned data was obtained through cross-origin. We all know that JavaScript cannot be accessed across domains. It's amazing ....
Carefully studying the code and discovering the wonders
This code:
    var s = document.createElement("SCRIPT");    s.id="cgi_emotion_list";     document.getElementsByTagName("HEAD")[0].appendChild(s);    s.src="http://g2.qzone.qq.com/fcg-bin/cgi_emotion_list.fcg?uin=123456";
The browser parses the script Element Through Dom and adds the ID and SRC attributes.
Here is the official explanation of the src attribute of the script element in W3C specifications:
ThescriptElement allows authors to include dynamic script in their documents.
WhensrcAttribute is set,scriptElement refers to an external file. The value of the attribute must be a URI (or SIRI ).
IfsrcAttribute is not set, then the script is given by the contents of the element.
Explanation:
If the src attribute of the script tag is defined, the script tag involves an external file, and the attribute value must be a URL.
That is to say, the script will reference the content of the file from this URL.
Everybody accesses this connection in the browser: http://g2.qzone.qq.com/fcg-bin/cgi_emotion_list.fcg? Uin = 123456.
The servlet URL similar to Java returns the following data:
Visitcountcallback
({& Quot; visitcount & quot;: 65188579,
"Dayvisit": 8658,
"Spacemark": 0,
"Markchange": 0,
"Sun": 1680,
"Love": 478,
"Rain": 1680,
"Nutri": 1450,
"Level": 5,
"Gardener": 1 });
This string is a JavaScript function, and the input is a JSON string. The returned data also calls the preceding JavaScript function:
Function visitcountcallback (data) {document. getelementsbytagname ("head") [0]. removechild (document. getelementbyid ("cgi_emotion_list"); For (var I in data) {var E = document. getelementbyid (I); If (e) E. innerhtml = data [I] ;}}
In the function, the JSON data returned by the innerhtml bar is filled into the body, so that the data is obtained asynchronously without refreshing the page.
There is another key issue:
Http://g2.qzone.qq.com/fcg-bin/cgi_emotion_list.fcg? Uin = 123456.
It is a URL of the QQ space (uin is a QQ number, you can enter your own QQ number to try), JavaScript calls the data of other domains.
This method is relatively simple to obtain data, and can also access data across domains. It is more suitable for some simple and less refreshing effects.
I am somewhat worried that, if the browser is updated one day and the access method is denied, the data may become unavailable,
We recommend that you use this method with caution !!!
Http://blog.chinaunix.net/u/25176/showart_437066.html