Cross-Site Script Inclusion

Bear in mind that the same applies in the opposite direction. Any JavaScript URLs hosted on your site can be imported by third-party websites, including those run by hackers.

cross-domain-loading.js

   /**
 * Load in a JavaScript library from another origin.
 */
fetch('https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.js')
  .then(response => {
    // This will succeed because browsers will allow
    // JavaScript to be loaded from other origins.
  }) 