The main CrossSafe page is at http://www.xucia.com/page/CrossSafe, where you can download CrossSafe. CrossSafe provides secure cross domain JSON requests and partially implements the JSONRequest specification (the get and cancel methods). XMLHttpRequest follows a same origin policy, and because of this, when developing mashups that involve retrieving data from servers other than the origin, developers have typically had to decide between a secure, but slow connection that through a proxy, or a direct, faster, but unsecure dynamic script tag retrieval of information. CrossSafe allows fast, direct, and secure connections to foreign servers from the browser. CrossSafe uses the JSONRequest API as it provides a subset of the JSONRequest features. CrossSafe does not implement the entire specification. However, developers can use the JSONRequest API in CrossSafe to make cross domain requests (which is one of the primary motivations for JSONRequest), and if and when browsers implement JSONRequest natively, CrossSafe will simply leave the JSONRequest object alone, and code will continue to operate with the benefits of a native implementation. CrossSafe uses a technique for securing communication that is similiar to the Subspace approach which can be read about here.

CrossSafe does have limitations. CrossSafe still requires a callback parameter (like JSONP) to be implemented by foreign servers (it uses sandboxed script tag insertion internally). CrossSafe also requires certain host names on the origin server to be accessible. See the limitations sections for more information.