Dr Nic Williams has written up a tutorial on how to embed your components on another site using a XSS approach instead of an iframe one.
The run-thru of what will happen
The user will load up the webpage (e.g. Ajaxian mock page) that has a small
< script src="https://yoursite.com/magic_xss.js”></script > snippet in it . When the page is loaded, the
magic_xss.js file is loaded too. The user doesn’t know nor care.
magic_xss.js file is loaded it will do a couple of things:
- Install any stylesheets it needs
- Insert an empty, invisible HTML element into the page (e.g.
<div id="my_magic_xss" />).
- Read in any variables (e.g. Google Adsense requires the website owner to specify a number of variables, such as
- Insert new HTML into the
#my_magic_xsselement based on the data that is returned from your own server. Your server - not the host website’s server.
Continue for more info....
DIY Widgets, How to embed, XSS, Components, of your site on another site