Comment by mr_toad

5 years ago

> You have to isolate every customer on separate domains.

Allowing unvetted JavaScript to be served from your main domain is something of a security risk anyway.