[whatwg] Behavior when <script> is removed from DOM

Yehuda Katz wycats at gmail.com
Thu Dec 8 16:40:40 PST 2011


Yehuda Katz
(ph) 718.877.1325


On Thu, Dec 8, 2011 at 4:31 PM, Mark S. Miller <erights at google.com> wrote:

> On Thursday, December 8, 2011, Yehuda Katz wrote:
>
>>
>> I'm probably still misunderstanding, but the current security
>> infrastructure of the web supports cross-origin XHR only with a new kind of
>> explicit server opt-in that most APIs do not support.
>>
>
>
> In that case you are understanding correctly. My point was that *except
> for the lack of this header*, the rest of this JSONP API is just a one
> liner.
>

Yes, but how does that help us?


>
>
> --
>     Cheers,
>     --MarkM
>



More information about the whatwg mailing list