W3C home > Mailing lists > Public > whatwg@whatwg.org > January 2013

Re: [whatwg] AllowSeamless feedback

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Fri, 18 Jan 2013 11:33:22 -0500
Message-ID: <50F97952.5080706@mit.edu>
To: Anne van Kesteren <annevk@annevk.nl>
Cc: whatwg@lists.whatwg.org
On 1/18/13 11:32 AM, Anne van Kesteren wrote:
> On Fri, Jan 18, 2013 at 5:20 PM, Boris Zbarsky <bzbarsky@mit.edu> wrote:
>> except for niggling issues around code that uses location.href to determine origins. :(
> Sounds like you'd also have to trust that the page you're seamlessly
> embedding is not going to do anything malicious on your origin. Seems
> pretty dangerous.

It's no worse in terms of trust than including a <script> from some 
random domain, of course, which is how people solve that problem now... 
  Of course it's not like we're happy with the state of things now.

Received on Friday, 18 January 2013 16:33:56 UTC

This archive was generated by hypermail 2.3.1 : Monday, 13 April 2015 23:09:19 UTC