Re: CORS

On Wed, Oct 11, 2017 at 9:41 AM, Jake Archibald <jakearchibald@google.com>
wrote:
>
> Although, it's worth noting that when site A executes a script from site
> B, it is giving site B full control over the page and storage on its origin.
>

On a tangent it's a pity there doesn't exist a way for a page to load in a
script from another source but have it executed securely in a sandbox with
limited access to some of the pages context. It sure would be nice not to
give twitter, google, discus, etc. "root" privileges on your site just
because you want some functionality from them.

Received on Wednesday, 11 October 2017 07:55:18 UTC