- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Thu, 10 Mar 2011 14:54:11 -0500
- To: robert@ocallahan.org
- CC: Dimitri Glazkov <dglazkov@chromium.org>, public-webapps <public-webapps@w3.org>
On 3/10/11 4:59 AM, Robert O'Callahan wrote: > On Thu, Mar 10, 2011 at 4:17 PM, Boris Zbarsky <bzbarsky@mit.edu > <mailto:bzbarsky@mit.edu>> wrote: > > 1) Cross-site components are safe to use. > > I'm less enthusiastic about #1. In many situations, perhaps most, > developers can choose to trust a component and host it themselves, and > there's no problem. Some "widget" use cases can be solved with IFRAMEs > instead. What use cases for cross-site component loading are left? CDNs of various sorts, dedicated hostnames for different sorts of content (a la existing images.something.com setups), that sort of thing. If we want to not allow cross-site loading at all, those cases break. If we want to allow it, we should try to make it hard to shoot yourself in the foot by doing it, imo. -Boris
Received on Thursday, 10 March 2011 19:55:16 UTC