What does script's own domain mean? The domain the script was served from, or its HTML page?

Does this mean that I can do AJAX calls only on the domain that serves the HTML page where the script is placed, or just on the domain where the script file comes from?

If my script is on foo.com, and it is in a page from bar.com, to where am I allowed to make a AJAX call开发者_运维技巧? foo.com or bar.com?

It doesn't matter where you download script from, it goes by the page domain, so in your case it's bar.com.

Andrey's answer is correct. That is how I do my exercise when I read Dojo book. I always has script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/dojo/1.3/dojo/dojo.xd.js"

 in my script.

And I can make ajax call such as retrieve files from my own local c drive.

Exactly, you can only do ajax calls to the domain your javascript file was download from. If it was downloaded from foo.com you can only make ajax calls to *.foo.com.

This prevents cross-domain scripting (security risk).