
Javascript Security Wonderland - raganwald
http://continuations.wenger.us/post/35834226/javascript-security-wonderland
======
gruseom
So, cross-domain restrictions are easily bypassed by creating a <script> tag
with document.createElement and setting its src property to whatever you want.
I am surprised that I didn't know about this simple trick. Javascript
dynamicness strikes again!

The author's upset about this, but the legitimate uses seem pretty exciting.

