We discussed in lecture how the DOM same-origin policy defines an origin as the triple (protocol, domain, port). Explain what would go wrong if the DOM same-origin policy were only defined by domain. Give a concrete example of an attack that a network attacker can do in this case, but cannot do when using the standard definition of the same-origin policy.

Allison and her group have completed the data entry for their spreadsheet project. they are in the process of formatting the data to make it easier to read and understand. the title is located in cell a5. the group has decided to merge cells a3: a7 to attempt to center the title over the data. after the merge, allison points out that it is not centered and looks bad. where would the title appear if allison unmerged the cells in an attempt to fix the title problem?