HTML elements that can link resources from different sources (can be implemented across domains):
IMG, script, CSS, video, audio, object, embed, applets, @font-face, frame, IFRAME, etc.
(1) </img>
(2) <script src= "" ></script> tag embedded cross-domain script. Syntax error messages can only be captured in the same-origin script. JSONP also used.
(3) <link src= "" > tag embedded CSS. Due to the loosely grammatical rules of CSS, the cross-domain of CSS requires a set of correct Content-type message headers. Different browsers have different restrictions: IE, Firefox, Chrome, Safari (skip to cve-2010-0051) and Opera. (4) <video> and <audio> embed multimedia resources. (5) <object>, <embed> and <applet> plugins. (6) @font the font introduced by-face. Some browsers allow cross-domain fonts (cross-origin fonts), and some require homologous fonts (Same-origin fonts). (7) Any resources that are loaded in <frame> and <iframe>. Sites can use the X-frame-options message header to prevent this form of cross-domain interaction.
HTML elements that can embed resources across domains