On Fri, 26 Sep 2008, Elliotte Harold wrote:
Absolutely false. The media simply needs to be served from the same host the blog itself is. This is how almost all the media in my blogs works today. What little content comes from a 3rd party site in my blogs (mostly from laziness) could easily be moved to the sites that serve the blogs.
I kinda assumed this suggestion was tongue-in-cheek, but if not - banning cross-domain IFRAMEs to fix one flaw, without providing viable methods for sandboxing untrusted same-origin content, would leave web developers with no tools to deal with quite a few classes of major security issues.
/mz
