... and is the source of countless vulnerabilities we otherwise wouldn't have. We can't let it happen again.
Our disagreement boils down to the question of whether we can get FWs to play nice with new, hardened APIs.
-
-
If we can't then we can never put faith in secure APIs for the web b/c they can always be subverted by FWs.
-
again:I am not saying we can't do this.I am not at all oposing the idea. Just saying we need to be careful
-
Violent agreement, then? :) FWIW we've done a bad job at secure-by-default JS FWs and we should get better.
-
I just wouldn't like the past crappiness of this area to hold us back from making useful platform changes.
End of conversation
New conversation -
-
-
No, I am saying we should harden in a way that FWs play nicely with it.
-
and I am saying that not all ways will as seen with the many hacks due to innerHTML.
-
just wanted to add one data point to the discussion and not oppose the general idea.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.