[whatwg] AllowSeamless feedback

Boris Zbarsky bzbarsky at MIT.EDU
Fri Jan 18 08:33:22 PST 2013


On 1/18/13 11:32 AM, Anne van Kesteren wrote:
> On Fri, Jan 18, 2013 at 5:20 PM, Boris Zbarsky <bzbarsky at mit.edu> wrote:
>> except for niggling issues around code that uses location.href to determine origins. :(
>
> Sounds like you'd also have to trust that the page you're seamlessly
> embedding is not going to do anything malicious on your origin. Seems
> pretty dangerous.

It's no worse in terms of trust than including a <script> from some 
random domain, of course, which is how people solve that problem now... 
  Of course it's not like we're happy with the state of things now.

-Boris




More information about the whatwg mailing list