- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Mon, 6 May 2013 12:57:49 -0700
- To: "Hill, Brad" <bhill@paypal-inc.com>
- Cc: Mike West <mkwst@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On Mon, May 6, 2013 at 11:26 AM, Hill, Brad <bhill@paypal-inc.com> wrote: > Do you have thoughts or opinions on this, Anne? I don't really like that we make decisions about what is acceptable on a case-by-case basis without data/knowledge about what is actually safe and what is unsafe. I sort of feel that either we should abide by the boundary set by <form>/CORS or try to rethink that model. Poking holes without any kind of model strikes me as a bad idea. -- http://annevankesteren.nl/
Received on Monday, 6 May 2013 19:58:15 UTC