Also, saying that hardening APIs is bad because "frameworks can work around it" is incredibly short-sighted.
If we can't then we can never put faith in secure APIs for the web b/c they can always be subverted by FWs.
-
-
again:I am not saying we can't do this.I am not at all oposing the idea. Just saying we need to be careful
-
Violent agreement, then? :) FWIW we've done a bad job at secure-by-default JS FWs and we should get better.
-
I just wouldn't like the past crappiness of this area to hold us back from making useful platform changes.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.