Embedding your site's functionality into anothers with Rails 3 (XSS vs iframes)

Question

We are looking to integrate the display of some of our models, as well as a payment process, with some of our client's websites. It seems that everybody is going the Iframe route, but this also looks to be rather outdated when compared to XSS techniques.

How would one go about using XSS in rails 3 to enable multi page browsing functionality of elements of our site in another's site? As I understand it, we need to get a correct JSON protocol going, custom rendering in the client's website of the JSON, as well as maintaining state between page changes in the payment process and shopping cart.

Iframes certainly seem easier, but I am open to discussion around this, and an explanation of using XSS.

Answer 1

You need JSONP to do Cross domain scripting. This is a good article explaining it: http://emphaticsolutions.com/2011/01/21/functional-widgets-with-rails-javascript-jsonp.html

Here's a discussion on iframe vs jsonp: JSONP vs IFrame?

Also learn more about JSONP: https://www.google.com/search?q=writing%20widgets%20with%20jsonp