[p2pu-dev] Google's Dart

Jessica Ledbetter jessica at jessicaledbetter.com
Tue Oct 11 20:17:47 UTC 2011


Again, it's just me with community member hat on asking about security.
There's no 'we' when I asked that.

I don't, personally, have the time to do it, and it's Zuzel's call, anyway.
And if I did have free time, my personal priority in a volunteer position
would be making the site working in IE. A lot of the code I did as a
volunteer was me scratching my own itches or exploring something I wanted to
learn :)

I didn't realize we can embed iframes already. I haven't done much with
embed.ly.

On Tue, Oct 11, 2011 at 4:11 PM, Dan Diebolt <dandiebolt at gmail.com> wrote:

> Do you realize that you currently *CAN* embed a <iframe>s using the
> embed.ly embed code? It is broken only in the sense that it doesn't
> display properly - the attack surface is no larger or smaller because the
> visual display of the <iframe> is broken. So whatever attack surface you
> imagine the <iframe> to have, you aren't disallow any <iframe>'s.
>
> So in a nutshell what I am hearing is this: we don't want to fix the
> current embed.ly display problem because we think <iframe>'s are naughty
> but we are just going to ignore the issue and allow users to embed
> <iframe>'s via embed.ly. That doesn't make any sense.
>
>


-- 
Jessica Ledbetter
http://jessicaledbetter.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.p2pu.org/pipermail/p2pu-dev/attachments/20111011/c2478c4c/attachment-0001.html>


More information about the p2pu-dev mailing list