Heads-up: Since nobody could say what security vulnerability we were protecting against in making importScripts() block cross-origin loads, I've commented out the step that enforces same-origin restrictions for importScripts(). The only vulnerabilities I can find are things that can already be done with <script> (e.g. slurping cookie-protected JSON).
-- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
