When a web page includes JS from an domain other than it's own, that doesn't flag errors, eh?
I mean, Google does it and so do countless others, so i can't see it being a problem or causing any XSS issues. XSS is typically reserved for javascript running on one domain manipulating the DOM of another or similar techniques correct?
Thanks a bunch