On Sat, Oct 29, 2011 at 4:22 PM, Daniel Friesen <[email protected]> wrote: > - It doesn't scale very well. If you do try to add more vendors and users > do enable most of them, you still end up loading from each enabled vendor > slowing things down. With the exception of the FB Like/Recommend button, everything (even the FB share link) is just an image paired with a HTML link. Maybe other sites allow embedding their logos, so the only image which needs to be loaded externally is the FB one.
> - Frankly the UI is pretty bad. That's the price you have to pay for total privacy, unfortunately. > - Once you enable a vendor we drop right back to a 3rd party script being > injected into the page such that it can do malicious things. > > Btw, if you're a 3rd party with a script in a page you can go pretty far > abusing XHR and history.pushState to make it look to a user like they're > browsing the website normally when in reality they're on the same page > with the script still running. Oh, and that includes making it look like > you're safely visiting the login page when in reality you didn't change > pages and the script is still running ready to catch passwords. Do you have any links with further info on this? Marco _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
