2017-07-05 UTC
# tsyesika cwebber2: my gut feeling is the browser has to be involved somehow. I'm worried about XSS attacks. For example if you had a like button, could you also make that handle a delete action too if you had granted the site both permissions. Does anyone have any thoughts on cross site trickery (more broad then just XSS)