From: https://developer.mozilla.org/En/Same_origin_policy_for_JavaScript
The same origin policy prevents a document or script loaded from one origin from getting or setting properties of a document from another origin. This policy dates all the way back to Netscape Navigator 2.0.
So why is not the same origin policy enforced?, when a have a script tag like this:
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
I'm sure I'm missing 'something', I've read
http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy
a bunch of times but can not figure out...
HTML can load from wherever it likes, it's another script running on the page that can't fetch documents from another origin.