They have written an HTTP proxy to solve the Javascript security restrictions. Using this proxy made it possible to side-step many of the constraints of the "same host origin" policy, where a browser won't allow Javascript to make calls to anything
other than the server from that the present page has been served.
Moreover, WebDriver uses the choice approach of firing events at the OS level.
As these "native events" aren't generated by the browser this approach circumvents the security restrictions placed on synthesized events and, because they are OS-specific, once they are working for
one browser on a specific platform reusing the code in another browser is comparatively simple.
Most of the above content is documented from the below link, do browse the subsequent reference for a lot of details on Selenium internals
http://www.aosabook.org/en/selenium.html
Hope this helps!