- From: Michal Zalewski <lcamtuf@dione.cc>
- Date: Fri, 26 Sep 2008 18:43:41 +0200 (CEST)

On Fri, 26 Sep 2008, Elliotte Harold wrote:

> Absolutely false. The media simply needs to be served from the same host
> the blog itself is. This is how almost all the media in my blogs works
> today. What little content comes from a 3rd party site in my blogs
> (mostly from laziness) could easily be moved to the sites that serve the
> blogs.

I kinda assumed this suggestion was tongue-in-cheek, but if not - banning cross-domain IFRAMEs to fix one flaw, without providing viable methods for sandboxing untrusted same-origin content, would leave web developers with no tools to deal with quite a few classes of major security issues.

/mz

Received on Friday, 26 September 2008 09:43:41 UTC