W3C home > Mailing lists > Public > whatwg@whatwg.org > January 2013

Re: [whatwg] AllowSeamless feedback

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Fri, 18 Jan 2013 11:33:22 -0500
Message-ID: <50F97952.5080706@mit.edu>
To: Anne van Kesteren <annevk@annevk.nl>
Cc: whatwg@lists.whatwg.org
On 1/18/13 11:32 AM, Anne van Kesteren wrote:
> On Fri, Jan 18, 2013 at 5:20 PM, Boris Zbarsky <bzbarsky@mit.edu> wrote:
>> except for niggling issues around code that uses location.href to determine origins. :(
>
> Sounds like you'd also have to trust that the page you're seamlessly
> embedding is not going to do anything malicious on your origin. Seems
> pretty dangerous.

It's no worse in terms of trust than including a <script> from some 
random domain, of course, which is how people solve that problem now... 
  Of course it's not like we're happy with the state of things now.

-Boris
Received on Friday, 18 January 2013 16:33:56 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 30 January 2013 18:48:12 GMT