On 10/4/11 3:14 PM, Anne van Kesteren wrote:
On Tue, 04 Oct 2011 21:06:29 +0200, Boris Zbarsky <bzbar...@mit.edu> wrote:Yes; the point of specifying crossorigin is to opt in to the security model we think the web _should_ have but that we can't roll out across the board. Yet.Well, what you think it should have is not shared by me.
That's fine. Then you need a better proposal for the various security bugs involved. I'm all ears.
-Boris
