What is the threat model for the same origin policy?

忘了有多久 2020-12-14 20:20

http://en.wikipedia.org/wiki/Same_origin_policy

The same origin policy prevents a script from one site talking to another site. Wiki says it's an "important securi

3 answers
  •  悲哀的现实
    2020-12-14 20:37

    The article @EricLaw mentions, "Same Origin Policy Part 1: No Peeking" is good.

    Here's a simple example of why we need the 'same origin policy':

    It's possible to display other webpages in your own webpage by using an iframe (an "inline frame" places another HTML document in a frame). Let's say you display www.yourbank.com. The user enters their bank information. If you can read the inner HTML of that page (which requires using a script), you can easily read the bank account information, and boom. Security breach.

    Therefore, we need the same origin policy to make sure one webpage can't use a script to read the information of another webpage.
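The iframe scenario in the answer above, as an added example that is not part of the original post: a small Node-runnable model of the browser's same-origin check. An origin is the (scheme, host, port) triple, and a parent page's script may read `frame.contentDocument` only when all three match; otherwise the browser denies access. The `readFrameDocument` / `attemptRead` helpers, the `yourbank.com` and `evil.example` URLs and the bank-page HTML are constructed for the illustration, not real sites or browser APIs.

```javascript
// Added example (not from the original answer): a model of the browser's
// same-origin check. Two documents may read each other's DOM only when
// scheme, host and port all match.
const DEFAULT_PORTS = { 'http:': '80', 'https:': '443' };

// Decompose a URL into its origin triple, filling in the default port so
// that "https://a.example" and "https://a.example:443" compare equal.
function originOf(urlString) {
  const u = new URL(urlString);
  const port = u.port || DEFAULT_PORTS[u.protocol] || '';
  return { scheme: u.protocol, host: u.hostname, port };
}

function sameOrigin(a, b) {
  const x = originOf(a);
  const y = originOf(b);
  return x.scheme === y.scheme && x.host === y.host && x.port === y.port;
}

// Simulated browser behaviour (hypothetical helper, not a DOM API): the
// parent page asks for the iframe's document. The browser hands it over only
// when parent and frame share an origin; a cross-origin read throws.
function readFrameDocument(parentUrl, frame) {
  if (!sameOrigin(parentUrl, frame.url)) {
    const parentOrigin = new URL(parentUrl).origin;
    throw new Error(
      `SecurityError: blocked a frame with origin "${parentOrigin}" ` +
      `from accessing a cross-origin frame`
    );
  }
  return frame.document;
}

// Constructed sample: the embedded bank page with a user's account details.
const bankFrame = {
  url: 'https://www.yourbank.com/account',
  document: '<input name="account" value="1234-5678">', // constructed
};

// Attempt the read from a given parent page and report the outcome.
function attemptRead(parentUrl) {
  try {
    return { ok: true, html: readFrameDocument(parentUrl, bankFrame) };
  } catch (e) {
    return { ok: false, error: e.message };
  }
}

// The attacker's page (evil.example) embeds the bank in an iframe and tries
// to scrape it; the bank's own help page, being same-origin, may read it.
console.log(attemptRead('https://evil.example/steal'));
console.log(attemptRead('https://www.yourbank.com/help'));

// Each component of the triple matters: a different scheme, a different
// subdomain or a non-default port is a different origin.
console.log(sameOrigin('http://www.yourbank.com', 'https://www.yourbank.com'));   // false
console.log(sameOrigin('https://yourbank.com', 'https://www.yourbank.com'));      // false
console.log(sameOrigin('https://www.yourbank.com', 'https://www.yourbank.com:8443')); // false
```

Note that the policy blocks reads of the frame's DOM, not the embedding itself: the bank page still renders inside the attacker's iframe, which is why sites that do not want to be framed at all additionally send `X-Frame-Options` or a `frame-ancestors` CSP directive.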
