On Mon, Jan 5, 2015 at 12:26 PM, Tim Berners-Lee <timbl@w3.org> wrote:
> They are not. Data is special

Right. I think you could make your point more clear if rather than talking about scripts (which could themselves create <script> elements and such) you instead focused on the use case you care about, loading some data from another origin.

There's already a problem with that today, it requires the other origin to use CORS. If it does not have that you need to use a proxy (or indeed a native app).

If you want to authenticate your application it requires the other origin to support TLS (in addition to CORS). Again, you can use a proxy to circumvent this (or indeed a native app).

Not having these restrictions in place enables all kinds of attacks and classic bugs ;-)

--
https://annevankesteren.nl/

Received on Monday, 5 January 2015 11:45:55 UTC
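An added illustration, not part of the message above: the check a browser applies before exposing a cross-origin response to a script, simplified from the CORS check steps in the Fetch Standard. The function name `corsCheck`, its return shape, and the sample origin and headers are assumptions constructed for this example.

```javascript
// Added example: simplified CORS check, following the steps in the Fetch Standard.
// requestOrigin: serialized origin of the page making the request.
// credentialsMode: "omit", "same-origin" or "include" (the fetch() credentials option).
// responseHeaders: plain object of response headers (constructed sample data below).
function corsCheck(requestOrigin, credentialsMode, responseHeaders) {
  // Header names are case-insensitive, so normalise them before lookup.
  const headers = new Map(
    Object.entries(responseHeaders).map(([name, value]) => [name.toLowerCase(), value])
  );
  const allowOrigin = headers.get("access-control-allow-origin");
  if (allowOrigin === undefined) {
    return { shared: false, reason: "no Access-Control-Allow-Origin header" };
  }
  // The wildcard only applies when the request carries no credentials.
  if (credentialsMode !== "include" && allowOrigin === "*") {
    return { shared: true, reason: "wildcard allowed without credentials" };
  }
  // Otherwise the header must match the requesting origin exactly.
  if (allowOrigin !== requestOrigin) {
    return { shared: false, reason: "origin not allowed" };
  }
  if (credentialsMode !== "include") {
    return { shared: true, reason: "origin matches" };
  }
  // Credentialed requests also need an explicit, case-sensitive "true".
  if (headers.get("access-control-allow-credentials") === "true") {
    return { shared: true, reason: "origin matches and credentials allowed" };
  }
  return { shared: false, reason: "credentials not allowed" };
}

// Constructed sample responses from a hypothetical data server.
const page = "https://app.example";
const samples = [
  ["omit", {}],
  ["omit", { "Access-Control-Allow-Origin": "*" }],
  ["include", { "Access-Control-Allow-Origin": "*" }],
  ["include", { "Access-Control-Allow-Origin": page, "Access-Control-Allow-Credentials": "true" }],
];
for (const [mode, headers] of samples) {
  console.log(mode, JSON.stringify(headers), "->", corsCheck(page, mode, headers).reason);
}
```

The third sample shows why a server that answers with a bare `*` still cannot be read with cookies or HTTP authentication attached: the wildcard is ignored once credentials are included.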
This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:09 UTC