- From: Nathan <nathan@webr3.org>
- Date: Tue, 11 May 2010 15:03:50 +0100
- To: Boris Zbarsky <bzbarsky@MIT.EDU>
- CC: public-webapps <public-webapps@w3.org>
Boris Zbarsky wrote: > On 5/11/10 1:10 AM, Nathan wrote: [!snip] Boris, all, I honestly don't have the solutions (as you can easily see) - what I can see is that with CORS as it stands, and with same origin rules, then the web is about as safe as it can get from xss, which is crucial. This won't change, and after 5 years of WIP and wide deployment it most likely can't change. I can also see a situation ahead [1] where the both safety and openness need to be addressed at the same time - but that's probably years off for the general web population & may well require accountability / web of trust etc. Thus, dropped for now - I have to adopt anyway so may as well do it asap and encourage others the same (esp once it hits recommendation). One request though, does anybody have a chart or note of UA support for CORS? (even partial definitely doesn't work in x,y,z) [1] http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/0553.html Best, Nathan
Received on Tuesday, 11 May 2010 14:05:09 UTC