why the HTML DSL doesn't have the crossorigin attribute? how to overcome this limitation?

Imho crossorigin is not safe and you should avoid it as much as you can. More on that topic https://security.stackexchange.com/questions/8264/why-is-the-same-origin-policy-so-important

ok