To the best of my knowledge, cross domain script loading is just as much a security risk, but it was present in browsers before the risks were realized and too many sites depend on it, so no one can remove it. It's a historical anomaly. Danny
On Jan 9, 9:39 am, Miha <[EMAIL PROTECTED]> wrote: > > Now I have another question? From the security point of view, what is > the difference between cross domain script loading and cross domain > ajax requests? Why script loading is permitted by browsers and ajax is > not? > > regards, > Miha > >