Same Origin Policy to JavaScript

  • One website can include JavaScript from any other website
1<script src="https://siteb.com/file.js">

Embedding other website JavaScript, you are allowing other website to run its JavaScript into your website. This can lead to JavaScript realated attacks such as Cross Site Scripting.