Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

google.com is a valuable target for XSS attacks. Keeping content off this domain reduces the attack surface.


I too think this is the reason. It does, however, allow for cool domains like https://summerofcode.withgoogle.com


This kind of marketing content is often provided by an agency. Hosting it on google.com where users are logged in would require extremely strict security reviews.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: