I am creating a website which allows users to make their website alive for a certain amount of time. It works like this:
document.domain = "yourdomain.com";
And that could be a potential threat. Also, the Same origin policy has different behaviour on some browsers, such as Internet Explorer. It's ideal that you read the documentation on it for the most common web browsers.