[theora] <video/> and cross site scripting policy.
Robert O'Callahan
robert at ocallahan.org
Thu Nov 6 17:52:08 PST 2008
On Fri, Nov 7, 2008 at 2:29 PM, Ralph Giles <giles at xiph.org> wrote:
> Trying again: this discussion, to the extent that many of us here are
> objecting to the cross-site controls as you've described them, is
> about the tradeoff between security and ease of use. I think you've
> weighed security too heavily, and am trying to understand why our
> conclusions are different.
It could simply be because most of the usability burden falls on you and
most of the security burden falls on us.
Well, the latter isn't really true; Web developers are paying hugely for the
cross-domain fiasco too. And would be paying more except that XSS and
similar issues are so often swept under the rug.
Rob
--
"He was pierced for our transgressions, he was crushed for our iniquities;
the punishment that brought us peace was upon him, and by his wounds we are
healed. We all, like sheep, have gone astray, each of us has turned to his
own way; and the LORD has laid on him the iniquity of us all." [Isaiah
53:5-6]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.xiph.org/pipermail/theora/attachments/20081107/04601877/attachment.htm
More information about the theora
mailing list