Is google AJAX Libraries API bypassing same origin policy?

From: https://developer.mozilla.org/En/Same_origin_policy_for_JavaScript

The same origin policy prevents a document or script loaded from one  
origin from getting or setting properties of a document from another origin.
This policy dates all the way back to Netscape Navigator 2.0.

So why is the same origin policy not enforced when I have a script tag like this:

<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>

I'm sure I'm missing 'something'. I've read
http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy
a bunch of times but cannot figure it out...

Cesar asked Jul 23 '09 11:07

2 Answers

HTML can load from wherever it likes; it's another script running on the page that can't fetch documents from another origin.

Sam Hasler answered Oct 26 '22 23:10

<script> tags are an exception to this rule. A page is allowed to "invite" a script from another server, and that's considered OK.

(The whole economy of the internet - on-page advertising - is based on this being allowed! Although it does represent a security risk, it's not going to change any time soon.)

RichieHindle answered Oct 27 '22 00:10