W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2009

Re: XHR without user credentials

From: Anne van Kesteren <annevk@opera.com>
Date: Tue, 09 Jun 2009 21:16:32 +0200
To: "Tyler Close" <tyler.close@gmail.com>
Cc: "Mark S. Miller" <erights@google.com>, "Jonas Sicking" <jonas@sicking.cc>, "Adam Barth" <w3c@adambarth.com>, public-webapps <public-webapps@w3.org>
Message-ID: <op.uu9uhucr64w2qv@annevk-t60>
Somehow this arrived late in my inbox :/

On Tue, 09 Jun 2009 18:29:25 +0200, Tyler Close <tyler.close@gmail.com> wrote:
> I think there are two main reasons:
> 1. ADsafe, Caja and others provide finer grained control over what the
> widget can do.

Could you elaborate on that?

> 2. All ads/widgets are fetched by the same HTTP request that fetches
> the containing page. The overhead of a separate iframe per ad/widget
> was too much for the expected use-cases.

This hasn't been done yet but the idea is to add a document="" (or some such) attribute to <iframe> that takes a string of markup to be rendered in a sandboxed way which should take away this concern.

Anne van Kesteren
Received on Tuesday, 9 June 2009 19:17:19 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:12:54 UTC