See here for the same suggetion for Firefox, including images:
In the course of enforcing Same Origin policy, Internet Explorer (like other
browsers) blocks attempts to access content from other websites through,
e.g., <iframe> elements or XMLHttpRequest calls.
Because this particularly stops Internet Explorer from making use of web
services by using the XMLHttpRequest object, I'd like to suggest to enable
the user to create a white list of web sites (or URL paths) that are allowed
to access a list of foreign websites (or URL paths).
Here are the details:
(I've created a couple of Firefox sample dialogs and added them as
attachments to the above hyperlink at Mozilla. I'm running the German version
of Firefox so they are all in German. Most content is taken from the current
pop-up configuration dialog.)
* Like with pop-up dialogs, Internet Explorer should provide a dialog where
the user can edit a white list [see CSS1.png].
* This white list should allow to enter websites (or URL paths, I can't
tell what's more appropriate).
* For each of these websites (or URL paths) the user should be able to
enter a number of websites (or URL paths) that the website may address
through an <iframe> element or the XMLHttpRequest object (or any similar
means) [see CSS2.gif, which is animated]. In the following the former is
called "source websites", the latter "destination websites".
* [CSS2a.png] shows the dialog when the user is to enter a new source
website. [CSS2b.png] shows the dialog when the user is to enter a new
destination website for the selected source website ("mozilla.org" in this
* The user should be able to grant access to ANY foreign destination
content for a source website (or URL path). The asterisk ought to be used to
denote that a source website (or URL path) may access any foreign destination
content [see CSS2d.png].
* The user might want to grant access to certain web services to ANY source
website without restriction (e.g. package tracking services). So entering an
asterisk into the list of source websites (or URL paths) would allow the
destination websites (or URL paths) listed in the destination list to be
accessed by any arbitrary source [see CSS2e.png].
* To inform the user of a blocked foreign request attempt, Internet
Explorer should display a yellow bar above a document when such request(s)
has or have been blocked. The yellow bar should allow to enter the currently
blocked request(s) into the white list an re-attempt to execute these
requests [see CSS3.png].
This post is a suggestion for Microsoft, and Microsoft responds to the
suggestions with the most votes. To vote for this suggestion, click the "I
Agree" button in the message pane. If you do not see the button, follow this
link to open the suggestion in the Microsoft Web-based Newsreader and then
click "I Agree" in the message pane.