且构网 - sharing the things programmers run into when building software

What is the threat model of the same-origin policy?

Updated: 2023-11-20 18:56:58

The article @EricLaw mentions, "Same Origin Policy Part 1: No Peeking", is good.

Here's a simple example of why we need the 'same origin policy':

It's possible to display other webpages in your own webpage by using an iframe (an "inline frame" places another HTML document in a frame). Let's say you display www.yourbank.com. The user enters their bank information. If you can read the inner HTML of that page (which requires using a script), you can easily read the bank account information, and boom. Security breach.

Therefore, we need the same origin policy to make sure one webpage can't use a script to read the information of another webpage.
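The check the answer is describing, as an added example that is not part of the original answer and not any browser's code: a small Node.js model of how a browser compares two origins (scheme, host, port) before it lets a script in the parent page read an embedded frame's DOM. The bank URL, the attacker URL, the "bank page" markup, and the function names (`originOf`, `isSameOrigin`, `differingComponents`, `readFrameDom`) are all constructed for illustration.

```javascript
// Added example: a model of the same-origin check a browser applies before a
// script in one document may read another document's DOM. Not browser code;
// the URLs and the "bank page" contents below are constructed sample data.

// A web origin is the tuple (scheme, host, port). The WHATWG URL parser drops
// default ports, so https://host and https://host:443 serialise identically.
// Opaque origins (data:, about:blank, sandboxed frames) serialise as "null"
// and never match anything, not even themselves.
function originOf(urlString) {
  return new URL(urlString).origin;
}

function isSameOrigin(urlA, urlB) {
  const a = originOf(urlA);
  const b = originOf(urlB);
  if (a === "null" || b === "null") return false;
  return a === b;
}

// Which components of the origin tuple differ; handy when debugging why a
// frame or request is being treated as cross-origin.
function differingComponents(urlA, urlB) {
  const a = new URL(urlA);
  const b = new URL(urlB);
  const diffs = [];
  if (a.protocol !== b.protocol) diffs.push("scheme");
  if (a.hostname !== b.hostname) diffs.push("host");
  if (a.port !== b.port) diffs.push("port"); // "" for a default port
  return diffs;
}

// Toy model of the scenario in the answer: parentUrl embeds frameUrl in an
// <iframe> and a script in the parent tries frame.contentDocument.body.innerHTML.
// A real browser throws a SecurityError DOMException (or exposes a null
// contentDocument); here the refusal is returned as a value so it can be tested.
function readFrameDom(parentUrl, frameUrl, frameInnerHtml) {
  const allowed = isSameOrigin(parentUrl, frameUrl);
  return {
    allowed,
    parentOrigin: originOf(parentUrl),
    frameOrigin: originOf(frameUrl),
    innerHTML: allowed ? frameInnerHtml : null,
  };
}

// Constructed sample data for the bank scenario.
const BANK_PAGE = "https://www.yourbank.com/accounts";
const BANK_DOM = "<p>Account 12345678, balance 4210.00</p>"; // constructed markup
const ATTACKER_PAGE = "https://evil.example/login-helper.html";

function demo() {
  // Attacker's page frames the bank: the read is refused.
  const blocked = readFrameDom(ATTACKER_PAGE, BANK_PAGE, BANK_DOM);
  // Another page on the bank's own origin frames it: the read succeeds.
  const permitted = readFrameDom("https://www.yourbank.com/help", BANK_PAGE, BANK_DOM);
  console.log(blocked);
  console.log(permitted);
  return { blocked, permitted };
}

demo();
```

Two caveats the model makes visible: only the (scheme, host, port) tuple matters, so `http://` versus `https://`, a different subdomain, or a non-default port each make two otherwise identical URLs cross-origin; and the policy forbids reading, not embedding. The attacker can still put www.yourbank.com in an iframe unless the bank sends `X-Frame-Options` or a `Content-Security-Policy: frame-ancestors` header, which is why clickjacking defences are a separate control from the same-origin policy.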