On Thu, Mar 19, 2015 at 12:08 AM, Travis Leithead <travis.leith...@microsoft.com> wrote: > 5. I like this. Though it's really only necessary for the cross-origin use > case.
I think it's worth mentioning that the existing setup further encourages the rather dangerous practice of including and trusting cross-origin scripts. E.g. if you include an HTML import from angularjs.org you are effectively surrendering all the user's localStorage, non-protected cookies, indexed DB, etc. to that origin. Finding ways to move away from such practices while retaining most of the functionality has significant value. -- https://annevankesteren.nl/