[theora] <video/> and cross site scripting policy.

Robert O'Callahan robert at ocallahan.org
Thu Nov 6 17:52:08 PST 2008

On Fri, Nov 7, 2008 at 2:29 PM, Ralph Giles <giles at xiph.org> wrote:

> Trying again: this discussion, to the extent that many of us here are
> objecting to the cross-site controls as you've described them, is
> about the tradeoff between security and ease of use. I think you've
> weighed security too heavily, and am trying to understand why our
> conclusions are different.

It could simply be because most of the usability burden falls on you and
most of the security burden falls on us.

Well, the latter isn't really true; Web developers are paying hugely for the
cross-domain fiasco too. And would be paying more except that XSS and
similar issues are so often swept under the rug.

"He was pierced for our transgressions, he was crushed for our iniquities;
the punishment that brought us peace was upon him, and by his wounds we are
healed. We all, like sheep, have gone astray, each of us has turned to his
own way; and the LORD has laid on him the iniquity of us all." [Isaiah
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.xiph.org/pipermail/theora/attachments/20081107/04601877/attachment.htm 

More information about the theora mailing list