Given one website hosting a "widget" of another website, where that widget is not in an iframe but simply JS DOM manipulation and content fed through a JSONP connection: if the JS file that serves the widget writes a JavaScript cookie, will that cookie be marked with the domain that is hosting the widget JS file or the domain that the widget is being displayed on (e.g. the domain that is hosting the HTML file that is including the widget JS file)?
It's the domain of the user's HTTP request (or the HTML file, in your example).
Here's why: imagine you're on http://www.blackhat.com/test.html and include this file on that page: http://www.facebook.com/cookielib.js.
This does not give you the right to read or write Facebook cookies with that JS file; that would be terrible. The user agent considers the domain in the address bar as the execution context, and all reading and writing of cookies happens on that domain.
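
The scoping rule described in this answer, as an added example that is not part of the original post: a simplified Node.js model of how a browser decides which domain a `document.cookie` write is stored under. It goes slightly beyond the answer by also covering the `Domain` attribute check from RFC 6265; `resolveCookieScope`, `domainMatches` and the cookie values are hypothetical names constructed for illustration.

```javascript
// Simplified model of cookie scoping for a document.cookie write.
// Covers only the Domain attribute rules of RFC 6265; public-suffix checks,
// IP-address hosts, Path, Secure, SameSite and expiry are left out.

// RFC 6265 section 5.1.3 domain-match: identical, or host is a subdomain.
function domainMatches(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// Returns the scope the cookie is stored under, or null if the write is ignored.
// scriptUrl is accepted only to show that it plays no part in the decision.
function resolveCookieScope(documentUrl, scriptUrl, cookieString) {
  const host = new URL(documentUrl).hostname.toLowerCase();
  const attrs = cookieString.split(";").slice(1).map((a) => a.trim());
  const domainAttr = attrs.find((a) => /^domain=/i.test(a));

  // No Domain attribute: host-only cookie for the embedding document's host.
  if (!domainAttr) return { domain: host, hostOnly: true };

  const requested = domainAttr
    .slice("domain=".length)
    .replace(/^\./, "")
    .toLowerCase();
  if (requested === "") return { domain: host, hostOnly: true };

  // A Domain the document's host does not match is rejected outright.
  if (!domainMatches(host, requested)) return null;
  return { domain: requested, hostOnly: false };
}

// Constructed sample values based on the URLs used in the answer.
const page = "http://www.blackhat.com/test.html";
const script = "http://www.facebook.com/cookielib.js";

for (const cookie of [
  "widget_id=abc",                      // stored for www.blackhat.com
  "widget_id=abc; Domain=blackhat.com", // stored for blackhat.com and subdomains
  "widget_id=abc; Domain=facebook.com", // ignored: page host does not match
]) {
  console.log(cookie, "->", resolveCookieScope(page, script, cookie));
}
```

The practical consequence for the embedding site is the reverse of the question's concern: any third-party widget script runs with access to that site's own non-HttpOnly cookies.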