[whatwg] AllowSeamless feedback
bzbarsky at MIT.EDU
Fri Jan 18 08:33:22 PST 2013
On 1/18/13 11:32 AM, Anne van Kesteren wrote:
> On Fri, Jan 18, 2013 at 5:20 PM, Boris Zbarsky <bzbarsky at mit.edu> wrote:
>> except for niggling issues around code that uses location.href to determine origins. :(
> Sounds like you'd also have to trust that the page you're seamlessly
> embedding is not going to do anything malicious on your origin. Seems
> pretty dangerous.
It's no worse in terms of trust than including a <script> from some
random domain, of course, which is how people solve that problem now...
Of course it's not like we're happy with the state of things now.
More information about the whatwg