- From: Michal Zalewski <lcamtuf@dione.cc>
- Date: Sat, 27 Sep 2008 14:48:56 +0200 (CEST)
On Sat, 27 Sep 2008, Anne van Kesteren wrote: > Could you list these comprehensive designs perhaps? I mean, proposals to make it possible for sites to opt in for explicitly controlling various cross-domain interactions now permitted by default (which includes including scripts, making POST requests, IFRAMEing content, etc)... Say: http://people.mozilla.org/~bsterne/content-security-policy/ ...(which I do not like for a number of reasons, but that's a separate thread), or proposals from OpenAjax, etc; I also seem to recall seeing something along these lines proposed by Microsoft. Many of these essentially extend the basic mechanisms proposed for cross-domain XMLHttpRequest. /mz
Received on Saturday, 27 September 2008 05:48:56 UTC