On Fri, Jan 18, 2013 at 5:20 PM, Boris Zbarsky <[email protected]> wrote: > except for niggling issues around code that uses location.href to determine > origins. :(
Sounds like you'd also have to trust that the page you're seamlessly embedding is not going to do anything malicious on your origin. Seems pretty dangerous. -- http://annevankesteren.nl/
