On 3/10/11 4:59 AM, Robert O'Callahan wrote:
On Thu, Mar 10, 2011 at 4:17 PM, Boris Zbarsky <bzbar...@mit.edu <mailto:bzbar...@mit.edu>> wrote:1) Cross-site components are safe to use. I'm less enthusiastic about #1. In many situations, perhaps most, developers can choose to trust a component and host it themselves, and there's no problem. Some "widget" use cases can be solved with IFRAMEs instead. What use cases for cross-site component loading are left?
CDNs of various sorts, dedicated hostnames for different sorts of content (a la existing images.something.com setups), that sort of thing.
If we want to not allow cross-site loading at all, those cases break. If we want to allow it, we should try to make it hard to shoot yourself in the foot by doing it, imo.
-Boris
