- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Thu, 19 Mar 2015 09:24:19 +0100
- To: Travis Leithead <travis.leithead@microsoft.com>
- Cc: Ryosuke Niwa <rniwa@apple.com>, "Dimitri Glazkov (dglazkov@google.com)" <dglazkov@google.com>, WebApps WG <public-webapps@w3.org>, Arron Eicholz <arronei@microsoft.com>
On Thu, Mar 19, 2015 at 12:08 AM, Travis Leithead <travis.leithead@microsoft.com> wrote: > 5. I like this. Though it's really only necessary for the cross-origin use case. I think it's worth mentioning that the existing setup further encourages the rather dangerous practice of including and trusting cross-origin scripts. E.g. if you include an HTML import from angularjs.org you are effectively surrendering all the user's localStorage, non-protected cookies, indexed DB, etc. to that origin. Finding ways to move away from such practices while retaining most of the functionality has significant value. -- https://annevankesteren.nl/
Received on Thursday, 19 March 2015 08:24:48 UTC