Via:
- Frames / iframes (
contentDocument
) or - XMLHttpRequest
The SOP limits those mechanisms (and some others what give access to information but not DOM) to URLs on the same origin as the page hosting the script.
문제
On the Wikipedia page for the Same Origin Policy, it reads that the mechanism is in place to prevent accessing the DOM between different sites.
If the policy weren't in place, how exactly could sites access each other's DOM?
해결책
Via:
contentDocument
) orThe SOP limits those mechanisms (and some others what give access to information but not DOM) to URLs on the same origin as the page hosting the script.