Re: [whatwg] AllowSeamless feedback

On 1/18/13 11:32 AM, Anne van Kesteren wrote:
> On Fri, Jan 18, 2013 at 5:20 PM, Boris Zbarsky <bzbarsky@mit.edu> wrote:
>> except for niggling issues around code that uses location.href to determine origins. :(
>
> Sounds like you'd also have to trust that the page you're seamlessly
> embedding is not going to do anything malicious on your origin. Seems
> pretty dangerous.

It's no worse in terms of trust than including a <script> from some
random domain, of course, which is how people solve that problem now...
Of course it's not like we're happy with the state of things now.

-Boris

Received on Friday, 18 January 2013 16:33:56 UTC