Scenario

In this example we will be making a request to a remote site, in this case Yahoo, that returns a JSON payload. However, because external sources (sorry, Yahoo) really can't be trusted, as we have seen in other examples, we don't want to evaluate their code within our own exact origin. Evaluating it elsewhere should keep the data on this page and any associated cookies from being stolen.

To accomplish this we employ an iframe technique that uses different domains to loosen the same-origin policy through the document.domain setting. The main page runs under the www1.ajaxref.com domain. The bridge iframe also starts out under www1.ajaxref.com. It sets up a link object with the main page and then changes its domain to ajaxref.com. The request iframe runs under www2.ajaxref.com. It also sets its domain to ajaxref.com so that the bridge can pass the link object from the main page to it. At that point the bridge has finished its work, and the main page and the request iframe communicate through the object. Note that you do not want the main page to run at the base domain of ajaxref.com, as that is the domain the request iframe changes to in order to communicate with the bridge. As long as your cookies are stored under a more specific host (i.e. www1.ajaxref.com), the request page, and therefore any code it executes, will not have access to them.
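The three documents described above, as an added example that is not the book's or ajaxref.com's own code: each frame's script is written as a function of its window object so the data flow can be followed (and run against stub windows) outside a browser. The host names are the page's; the file names, the layout with the request iframe nested inside the bridge, and the ResultSet/Result payload shape are assumptions.

```javascript
// Added example, not the ajaxref.com code. Each function is the script of one document,
// given its own window so the flow can be exercised with stub windows outside a browser.
// Host names are the page's; file names, frame layout and payload shape are assumed.

// ---- main page, http://www1.ajaxref.com/main.html: never touches document.domain ----
function mainPageSetup(win, onResults) {
  // The only capability handed toward the untrusted frame: a one-way drop box.
  win.link = { deliver: function (obj) { onResults(copyResults(obj)); } };
}

// Copy only the expected string fields into objects created in main's own realm;
// functions, getters and extra fields coming from the other origin are dropped.
function copyResults(obj) {
  var list = obj && obj.ResultSet && obj.ResultSet.Result, out = [];
  if (!Array.isArray(list)) return out;
  for (var i = 0; i < list.length; i++) {
    var r = list[i];
    if (r && typeof r.Title === 'string' && typeof r.Url === 'string') {
      out.push({ Title: r.Title, Url: r.Url });
    }
  }
  return out;
}

// ---- bridge iframe, http://www1.ajaxref.com/bridge.html (child of main) ----
function bridgeSetup(win) {
  var link = win.parent.link;            // still same-origin with main: take the object
  win.document.domain = 'ajaxref.com';   // from here on main is off limits, www2 is reachable
  win.link = link;                       // leave it where the request frame will look
  // only now load <iframe src="http://www2.ajaxref.com/request.html"> (assumed file name)
}

// ---- request iframe, http://www2.ajaxref.com/request.html (child of the bridge) ----
function requestSetup(win, responseText) {
  win.document.domain = 'ajaxref.com';   // match the bridge so parent.link is readable
  var data = evaluateUntrusted(responseText); // evaluated in the www2 origin only
  win.parent.link.deliver(data);         // hand the result up through the drop box
}

// The page's technique: evaluate the payload as code, but only inside the www2 origin,
// so a hostile payload sees www2's cookies and document rather than www1's.
function evaluateUntrusted(text) {
  return (0, eval)('(' + text + ')');
}
```

Assigning document.domain is deprecated and current Chromium-based browsers ignore it by default; a sandboxed iframe with postMessage (and JSON.parse in place of eval) provides the same isolation today.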

Safely Evaluating Externally Provided JSON
