Re: Component Model is not an Isolation Model

On 3/10/11 4:59 AM, Robert O'Callahan wrote:
> On Thu, Mar 10, 2011 at 4:17 PM, Boris Zbarsky <
> <>> wrote:
>     1)  Cross-site components are safe to use.
> I'm less enthusiastic about #1. In many situations, perhaps most,
> developers can choose to trust a component and host it themselves, and
> there's no problem. Some "widget" use cases can be solved with IFRAMEs
> instead. What use cases for cross-site component loading are left?

CDNs of various sorts, dedicated hostnames for different sorts of 
content (a la existing setups), that sort of thing.

If we want to not allow cross-site loading at all, those cases break. 
If we want to allow it, we should try to make it hard to shoot yourself 
in the foot by doing it, imo.


Received on Thursday, 10 March 2011 19:55:16 UTC