- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Fri, 18 Jan 2013 11:33:22 -0500
- To: Anne van Kesteren <annevk@annevk.nl>
- Cc: whatwg@lists.whatwg.org

On 1/18/13 11:32 AM, Anne van Kesteren wrote:
> On Fri, Jan 18, 2013 at 5:20 PM, Boris Zbarsky <bzbarsky@mit.edu> wrote:
>> except for niggling issues around code that uses location.href to determine origins. :(
>
> Sounds like you'd also have to trust that the page you're seamlessly
> embedding is not going to do anything malicious on your origin. Seems
> pretty dangerous.

It's no worse in terms of trust than including a <script> from some random domain, of course, which is how people solve that problem now...

Of course it's not like we're happy with the state of things now.

-Boris

Received on Friday, 18 January 2013 16:33:56 UTC