Hi malware fighters,
What is the importance of the same domain policy, and what browsers have what exemptions to this rule, and a lot other very import considerings to have at the back of your head, read online in these nice articles:
http://www.devarticles.com/c/a/JavaScript/JavaScript-Security/1/
and this: http://devedge-temp.mozilla.org/library/manuals/2000/javascript/1.3/guide/sec.html
Enjoy,
polonus
N.B. When you hit obfuscated JS you can nullify that encryption here online:
http://www.netdemon.net/haywyre/