Best Practice: Legitimate Cross-Site Scripting

Question

While cross-site scripting is generally regarded as negative, I\'ve run into several situations where it\'s necessary.

I was recently working within the confines of

Answer 1

iframe remote content can be accessed by local javascript.

The remote server just have to set the document.domain of the page.

Eg:

Site A contain an iframe with src='Site B/home.php'

home.php looks like this :

[php stuff]...[/php]
[script type='text/javascript']document.domain='Site A'[/script]