On Thu, Mar 10, 2011 at 11:54 AM, Boris Zbarsky <bzbar...@mit.edu> wrote:
> On 3/10/11 4:59 AM, Robert O'Callahan wrote:
>>
>> On Thu, Mar 10, 2011 at 4:17 PM, Boris Zbarsky <bzbar...@mit.edu
>> <mailto:bzbar...@mit.edu>> wrote:
>>
>>     1) Cross-site components are safe to use.
>>
>> I'm less enthusiastic about #1. In many situations, perhaps most,
>> developers can choose to trust a component and host it themselves, and
>> there's no problem. Some "widget" use cases can be solved with IFRAMEs
>> instead. What use cases for cross-site component loading are left?
>
> CDNs of various sorts, dedicated hostnames for different sorts of content (a
> la existing images.something.com setups), that sort of thing.
>
> If we want to not allow cross-site loading at all, those cases break. If we
> want to allow it, we should try to make it hard to shoot yourself in the
> foot by doing it, imo.
IMHO, it's important to make cross-site interactions predictable. For example, <script> works well with CDNs but doesn't provide any isolation.

Now, you might say that <script> leaves something to be desired w.r.t. security, and I'd certainly agree. :)

Adam