What are the rules for cross-domain AJAX requests for dynamic local content?

If I'm using a .NET WebBrowser control, and I dynamically populate the HTML, JS content, what exactly are the rules for AJAX cross-domain requests? I know I don't technically have a domain since it's local content, but I'm not sure how the browser hand开发者_如何学Pythonles this.

First of all, make sure you know what you're doing and the possibility for XSS attacks before you do this. It is possible to have cross-domain AJAX with <script> tags with some server-side modifications though, for example I used this:

var AjaxFunctId = 0
var DAjaxFuncts = {}
function CrossDomainAjax(URL, Query, Callback) {
    AjaxFunctId += 1
    var script = document.createElement('script')
    script.type = 'text/javascript'
    script.defer = true

    if (Query) Query = Query+'&'
    script.src = URL+'?'+Query+'Callback=DAjaxFuncts['+AjaxFunctId+']'
    var head = document.getElementsByTagName('head').item(0)
    head.appendChild(script)

    var Fn = DAjaxFuncts[AjaxFunctId] = function(Rtn) {
        Callback(Rtn)
        head.removeChild(script) // Clean up!
        delete DAjaxFuncts[Fn.id]
    }
    Fn.id = AjaxFunctId
}

e.g:

CrossDomainAjax('http://127.0.0.1/MyURL', 'myparam=myvalue&myparam2=myvalue2', MyFunction)

The Callback parameter in that function adds a Callback parameter to the request to the local server, so you'd need the server to output:

CALLBACK ID(AJAX DATA)

So that the function can access the data.

I know I don't technically have a domain since it's local content, but I'm not sure how the browser handles this.
Then your 'domain' would be 'localhost', '0.0.0.0', '127.0.0.1' or whatever else you entered in the browser. Same rules apply as for any 'real' domain: no requests to other domains (with few minor exceptions).
There is nothing .NET-specific, AFAIK.