Hacker News new | past | comments | ask | show | jobs | submit login

> My "non-professional in the field" opinion of this at first glance is that this seems like a concept ripe for abuse and security holes


They've already resulted in at least one same-origin policy bypass, lol.

In code that was not shipping, note.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact