Hacker News new | past | comments | ask | show | jobs | submit login

My "non-professional in the field" opinion of this at first glance is that this seems like a concept ripe for abuse and security holes (not to mention scam potential) trying to be a successor to something that was already pretty bad in that regard...

This would be better if it was designed with the end user in mind from the get go and in full control of defining portals himself. (and by that I mean, if you take the example linked by omneity [1], I should be the one defining which "shopping cart" i'm sending the recipe ingredients to or which social app is triggered and what data am I sending it).

For some reason this also gives me some "Fuschia OS" vibes [2] or at least how Google would want to have this as standard on the web...

[1] - https://news.ycombinator.com/item?id=23688857 [2] - https://www.youtube.com/watch?v=Z7qGHgF1Pb4






> My "non-professional in the field" opinion of this at first glance is that this seems like a concept ripe for abuse and security holes

https://bugs.chromium.org/p/chromium/issues/detail?id=962500

They've already resulted in at least one same-origin policy bypass, lol.


In code that was not shipping, note.

Portals are specifically designed to address the security and privacy issues with iframes. You can learn more at https://github.com/WICG/portals/blob/master/README.md#privac...

Seems to me it'll be fine if they get the same restrictions as iframes. As far as I can tell the main difference is that there's a way to go 'through' the portal, rather than merely stare at it.



Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: