Added: jquery/jquery.xsajax.html
===================================================================
--- jquery/jquery.xsajax.html	                        (rev 0)
+++ jquery/jquery.xsajax.html	2007-04-13 14:39:58 UTC (rev 36)
@@ -0,0 +1,82 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html>
+    <head>
+        <title>jQuery XS AJAX Plugin</title>
+    </head>
+    <body>
+        <h1>jQuery XS AJAX Plugin</h1>
+
+        <h2>Description</h2>
+
+        It is well known that with the help of a dynamically generated
+        DOM node corresponding to a XHTML <tt>&lt;script&gt;</tt>
+        element one can achieve a portable cross-site (XS) variation
+        of an AJAX-style client-server communication as the
+        <tt>&lt;script&gt;</tt> element is <i>not</i> staying under the
+        "same-origin security policy" which restricts all the regular
+        AJAX methods. This allows one to asynchronously load JavaScript
+        code from a third-party URL.
+
+        <p/>
+        The JavaScript code in <a
+        hrf="jquery.xsajax.js"><tt>jquery.xsajax.js</tt></a> is a <a
+        href="http://jquery.com/">jQuery</a> plugin, providing an
+        abstraction layer for this functionality by resembling the
+        standard AJAX-based <tt>jQuery.getScript(url, callback)</tt> function with a
+        companion <tt>jQuery.getScriptXS(url, callback)</tt> function.
+
+        <p/>
+        Notice 1: the point of this plugin is not the bare dynamic
+        generation of the <tt>&lt;script&gt;</tt>. The point is
+        that a callback function is executed once the script was
+        loaded and executed by the browser and that the generated
+        <tt>&lt;script&gt;</tt> is automatically garbage collected from
+        the DOM again afterwards.
+
+        <p/>
+        Notice 2: the possibility to load a JavaScript file from a      
+        sibling but third-party URL is also of great interest when      
+        one wishes to set cookies for the third-party URLs. Suppose     
+        you have three websites www.example.com, www.example.net and    
+        www.example.org and on www.example.com/login you have your      
+        customer login form. Once the customer was authenticated,       
+        a cookie containing a "certificate" should be set. Setting      
+        this for ".example.com" is trivial, but how do you at the       
+        same time set it for all three domains? The solution is         
+        this: www.example.com/login uses jQuery.getScriptXS() to        
+        send the issued "certificate" via a query string to both        
+        www.example.net/reflector and www.example.org/reflector.        
+        Behind those URLs a small CGI just converts the "certificate"   
+        in the query string into a corresponding HTTP response cookie   
+        (now for its own domain!) and returns even a possibly empty     
+        JavaScript script. Once www.example.com/login has received the  
+        two final notification (via the callback function) that both    
+        scripts were loaded, it knows that the two third-party cookies  
+        were set and can proceed by forwarding to the next page in      
+        sequence. Last hint: keep P3P in mind for MSIE when setting
+        the cookie in the HTTP response ;-)
+
+        <h2>Example</h2>
+
+        <ul>
+          <li>http://www.example<b>.com</b>/test.html:<br/>
+            <pre>
+            &lt;script type="text/javascript"&gt;
+               jQuery.$foo = "bar";
+               alert("jQuery.$foo="+jQuery.$foo);
+               jQuery.getScriptXS(
+                   "http://www.example<b>.net</b>/test.js",
+                   function () { alert("jQuery.$foo="+jQuery.$foo); }
+               );
+            &lt;/script&gt;
+            </pre>
+          </li>
+          <li>http://www.example<b>.net</b>/test.js<br/>
+            <pre>
+              jQuery.$foo = "quux";
+            </pre>
+          </li>
+        </ul>
+    </body>
+</html>