note
betterworld
<blockquote><i>I've thought for a while now that browsers probably shouldn't allow POST requests for another domain (especially scripted ones). Unfortunately that would break lots and lots of web applications</i></blockquote>
A good start would be to warn the user that the form is sent to an external site, and not to send cookies.
606832
606838