The internet would be alot safer if a webpage could only pull data and scripts from the host site. Get rid of all this cross access and safety will improve massively.
Of course, the googles and facebooks, wont permit that !!
We could self police that and force an industry standard change. If everyone just installed NoScript... And were not too lazy to use it.
They would catch on fairly quickly that their “hidden script” jig is up.
But to use it takes a couple extra mouse clicks. We are way too lazy to make even one more mouse click than we have to.