Start Python at client side from web app

Diez B. Roggisch deets at
Thu Jan 22 20:40:38 CET 2009

Rob Williscroft schrieb:
> Diez B. Roggisch wrote in news:6tpo16FbacfjU1 at in
> comp.lang.python: 
>>> 2) create a localhost web server, for the client side manipulation.
>>> Then have your remote webserver render a form that posts via
>>> javavscript to the localhost webserver.  The localhost server would
>>> post back in the same way.
>> AFAIK the JS security model prevents that.
> Are you thinking of frames?, or the way IE 7 complains about 
> runnning javavscript (though it bizzarly calls it an "running 
> an ActiveX control" )?.

Before posting, I tried a jQuery-ajax-call inside Firebug from some 
random site to google. It bailed out with a security execption.

And I found this:


The Same-Origin Policy
The primary JavaScript security policy is the same-origin policy. The 
same-origin policy prevents scripts loaded from one Web site from 
getting or setting properties of a document loaded from a different 
site. This policy prevents hostile code from one site from "taking over" 
or manipulating documents from another. Without it, JavaScript from a 
hostile site could do any number of undesirable things such as snoop 
keypresses while you’re logging in to a site in a different window, wait 
for you to go to your online banking site and insert spurious 
transactions, steal login cookies from other domains, and so on.

Now there might be ways around this - but these sure are hacky, and not 
exactly the thing to look after.


More information about the Python-list mailing list