The Same Origin Policy Documentation says this:
There is one exception to the same
origin rule. A script can set the
value of document.domain to a suffix
of the current domain. If it does so,
the shorter domain is used for
subsequent origin checks. For example,
assume a script in the document at
executes the following statement:
document.domain = company.com;
that statement executes, the page
would pass the origin check with
However, by the same reasoning,
company.com could not set
document.domain to othercompany.com.
Do all popular browsers support this? If not, which ones don't?