bzbarsky at MIT.EDU
Thu Feb 10 06:29:17 PST 2011
On 2/10/11 4:36 AM, Adam Barth wrote:
> Apologies for not reading the whole thread before replying, but the
> design Darin describes below has worked well in WebKit thus far. I'd
> risk of introducing security vulnerabilities into the engine.
protocol, but with tracking of where the URL came from required for the
script to actually execute and explicit opt-in on the caller's part
required to execute outside a sandbox.
This too has worked well in terms of security, for what it's worth,
while offering a lot more flexibility in terms of how and where
I don't think we should gate the spec here on Webkit's implementation
details if we think a certain behavior is correct but hard to support in
More information about the whatwg