On Tue, 09 Jun 2009 03:39:19 +0200, Mark S. Miller <[email protected]> wrote:
> This use-case was the motivation for ADsafe, though any of the JavaScript
> sanitizers would do.
>
> Without some such sanitization technology, it remains unsafe to load
> untrusted ads directly on your page. Adam and I are still arguing fine
> points of just how unsafe, but there's no question that the answer is at
> least "too unsafe".
>
> With GuestXMLHttpRequest, such sanitized ads could be allowed to call
> home safely without being able to impersonate their containing page's origin.

Why can such ads not be embedded using a seamless sandboxed <iframe> from HTML5?

--
Anne van Kesteren
http://annevankesteren.nl/
