We used to do that stuff using frames back in the day. You’d have a hidden frame, change its url and look at what that dom contains. At scale, too. I was amazed at all the hoo-haa around that “new” xmlhttp API
We did the same thing, and to dynamically pull in content into the parent context, we created our own script block tag.
<div type="javascript">...</div> so that we could extract the JS and eval it in the parent context. The clunky thing was that you had to hand escape reserved html characters (&, <, etc) in your JS code. So many bugs...
Wow, then I think that I jumped directly to that hoo-haa since I didn't even consider the technique you are describing, I wasn't expecting today learning something from dynamic HTML past of the web. Thanks!