Hacker News new | ask | show | jobs
by paulddraper 2482 days ago
XSS is usually really, really bad anyway.

CSP plus trusted scripts...you should be working hard to prevent XSS.
1 comments
earthboundkid 2482 days ago
Ideally, yes. In the current advertising market? No.
link
paulddraper 2481 days ago
I don't know much about advertising.

Can't they be easily handled with an iframe?

link