On Fri, Jan 18, 2013 at 5:20 PM, Boris Zbarsky <bzbarsky at mit.edu> wrote: > except for niggling issues around code that uses location.href to determine origins. :( Sounds like you'd also have to trust that the page you're seamlessly embedding is not going to do anything malicious on your origin. Seems pretty dangerous. -- http://annevankesteren.nl/