A cyberattack that involves bypassing the domain restriction rule (a key principle of securing web resources), which prohibits JavaScript applets from accessing objects located on another domain. To run a third-party script on a web page, its domain, protocol, and port must match the source. Compliance checking and blocking of unwanted scripts occurs on the browser side, where errors in the code can be exploited by attackers.