Hacker News

AMP gates the JavaScript it allows and requires asynchronous evaluation. 3rd party JS is also allowed, but it has to be in a sandboxed iframe which, in a browser at least, would guard some of the user's state from exfiltration attacks (it's unclear to me if the iframe feature is available in email AMP).

https://www.ampproject.org/learn/about-how/



Emails only support a subset of AMP, so iframes and any form of JavaScript (other than the whitelisted AMP components) are not allowed.



