I want to enable cross site scripting for some sites. Specifically, I want to submit a web form to a 3rd party site, I have set the target iframe for the web form's response to a child iframe, now I want my code in main window to retrieve content of the response web page.
Am I correct in assuming that I can do the above by simply disabling the XSS Filter in Internet Explorer? Or is something else also required? Also how do I enable cross site scripting in Firefox (for the same scenario?)
IE's XSS filter does not protect against DOM Based XSS. So in order to execute a javascript payload across domains you can simply run eval() the request variable or use document.write().
A more common approach is to use a "cross-domain proxy". Mainly because this approach usually doesn't introduce a gaping vulnerability which could be used to attack your users.