[whatwg] Dealing with UI redress vulnerabilities inherent to the current web
Bonner, Matt
matt.bonner at hp.com
Tue Oct 7 16:17:07 PDT 2008
not speaking for HP here...
Elliotte Harold wrote:
> I don't have time to respond in detail to each of the valid points
> your raise. I may later. However each of them can be handled in a
> different way that doesn't require third party content and mashups.
> The reason we have designed these systems this way is because it was
> quick and easy, not because it was the only way to do these tasks.
That seems overly simplified. Allowing links across sites creates
networks. I can link to a graph of the TED spread [1], to a real-time
picture of the traffic on a nearby freeway and to a calendar gadget
from three different sites because those sites are authorities for
those topics.
Of course there's your way around all that: making local copies. But
that brings obvious costs in network and disk usage. Also, the same-
host restriction raises the barrier to the average user making a web
page. And quite obviously, many companies would take umbrage if page
authors copied their contents. There are doubtless other problems w/
the same-host approach, but these are a few big ones I see.
Matt
[1] http://en.wikipedia.org/wiki/TED_spread
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4798 bytes
Desc: not available
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20081007/9cdbc1da/attachment.bin>
More information about the whatwg
mailing list