[whatwg] AllowSeamless feedback

Boris Zbarsky bzbarsky at MIT.EDU
Fri Jan 18 08:33:22 PST 2013

On 1/18/13 11:32 AM, Anne van Kesteren wrote:
> On Fri, Jan 18, 2013 at 5:20 PM, Boris Zbarsky <bzbarsky at mit.edu> wrote:
>> except for niggling issues around code that uses location.href to determine origins. :(
> Sounds like you'd also have to trust that the page you're seamlessly
> embedding is not going to do anything malicious on your origin. Seems
> pretty dangerous.

It's no worse in terms of trust than including a <script> from some 
random domain, of course, which is how people solve that problem now... 
  Of course it's not like we're happy with the state of things now.


More information about the whatwg mailing list