On Sat, 27 Sep 2008, Anne van Kesteren wrote:
Could you list these comprehensive designs perhaps?
I mean, proposals to make it possible for sites to opt in for explicitly
controlling various cross-domain interactions now permitted by default
(which includes including scripts, making POST requests, IFRAMEing
content, etc)... Say:
http://people.mozilla.org/~bsterne/content-security-policy/
...(which I do not like for a number of reasons, but that's a separate
thread), or proposals from OpenAjax, etc; I also seem to recall seeing
something along these lines proposed by Microsoft. Many of these
essentially extend the basic mechanisms proposed for cross-domain
XMLHttpRequest.
/mz