<div class="grid--cell fl1 lh-lg">
<div class="grid--cell fl1 lh-lg">
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, <a href="/help/reopen-questions">visit the help center</a>.
</div>
</div>
</div>
<div class="grid--cell mb0 mt8">Closed <span title="2012-09-11 17:35:35Z" class="relativetime">7 years ago</span>.</div>
</div>
</aside>
Cross domain ajax requests are denied, but I can around it by this:
$(document).ready(function () {
var data = ...;
$('<img>').attr('src', 'http://domain.com?data=' + escape(data)).appendTo('body');
});
So if I really want I can send data to another domain. Also I can get data the same way, but on load I can for example move it on canvas and then read pixels.
So what is the point in this restriction and what it can save from?
</div>
You still can't read in javascript the pixels of your image when it comes from another domain. So you didn't go around anything.
A page can't manipulate or even read something coming from another domain without the collaboration of the server. This protects the user from many manipulations (google XSS attacks).
So what is the point in this restriction and what it can save from?
The point is to prevent your site from reading data from a remote site, not to prevent it sending data.
For example, you can't make my browser go to my bank and fetch my account details so you can send them to your webserver.
The same origin policy wouldn't prevent you submitting a request that money be transfered to your server, but that is why sites have to implement defences against CSRF attacks.