W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2011

Re: Component Model is not an Isolation Model

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Thu, 10 Mar 2011 14:54:11 -0500
Message-ID: <4D792C63.40801@mit.edu>
To: robert@ocallahan.org
CC: Dimitri Glazkov <dglazkov@chromium.org>, public-webapps <public-webapps@w3.org>
On 3/10/11 4:59 AM, Robert O'Callahan wrote:
> On Thu, Mar 10, 2011 at 4:17 PM, Boris Zbarsky <bzbarsky@mit.edu
> <mailto:bzbarsky@mit.edu>> wrote:
>     1)  Cross-site components are safe to use.
> I'm less enthusiastic about #1. In many situations, perhaps most,
> developers can choose to trust a component and host it themselves, and
> there's no problem. Some "widget" use cases can be solved with IFRAMEs
> instead. What use cases for cross-site component loading are left?

CDNs of various sorts, dedicated hostnames for different sorts of 
content (a la existing images.something.com setups), that sort of thing.

If we want to not allow cross-site loading at all, those cases break. 
If we want to allow it, we should try to make it hard to shoot yourself 
in the foot by doing it, imo.

Received on Thursday, 10 March 2011 19:55:16 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:13:16 UTC