google.com is a valuable target for XSS attacks. Keeping content off this domain... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		advisedwang on March 20, 2018 \| parent \| context \| favorite \| on: Google News Initiative google.com is a valuable target for XSS attacks. Keeping content off this domain reduces the attack surface.

adtac on March 20, 2018 | [–]

I too think this is the reason. It does, however, allow for cool domains like https://summerofcode.withgoogle.com

Hurdy on March 20, 2018 | [–]

This kind of marketing content is often provided by an agency. Hosting it on google.com where users are logged in would require extremely strict security reviews.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact