Security Policies: Same-Origin Exemptions Exempt Properties - always accessible regardless of origin Set Location (but not location.host, etc.) History.go(), History.back(), etc. Document.write() Window and frame objects document.domain - allows mutually trusting pages on different hosts in a common domain (such as netscape.com) to access each other's content. document.domain = "mcom.com"; (OK) document.domain = "microsoft.com"; (this will fail) Script-defined global variables and functions are NOT exempt. 5/25