29th January, 2006
My initial experiments worked well - I made a little bookmarklet that would take the URL of the current page, search google for related pages and display the results in a fixed-position div with scrollbars. Very nice, although not that useful.
Then I came up with what I thought would be a really nice thing. Dynamic validation of the current page with a display of any errors, all without leaving the page.
This requires that the source of the page be sent to W3C. Getting the source of the page (minus the doctype, grrr!) can be done with a document.body.parentNode.innerHTML. Unfortunately (in this context only) there is a maximum allowed length of URLs, forcing me to POST the data to W3C.
Now, things are getting a little complicated as POSTing normally requires a form. However, I found that Scriptaculous (among other AJAX frameworks) can do this via a xmlhttprequest. So far so good and testing locally seems to work.
It would seem that the above idea is very similar to the technique used in Cross-site scripting, where data from the user is sent to another (malicious) server without his knowledge. In order words: A security problem. I assume that's why the browser refuses to do anything with my Ajax-code when I try to access a foreign server (like w3.org).
Hot damn, it would have been nice.