On Thu, Mar 19, 2015 at 12:08 AM, Travis Leithead
<travis.leith...@microsoft.com> wrote:
> 5. I like this. Though it's really only necessary for the cross-origin use 
> case.

I think it's worth mentioning that the existing setup further
encourages the rather dangerous practice of including and trusting
cross-origin scripts. E.g. if you include an HTML import from
angularjs.org you are effectively surrendering all the user's
localStorage, non-protected cookies, indexed DB, etc. to that origin.
Finding ways to move away from such practices while retaining most of
the functionality has significant value.


Reply via email to