I appreciate the transparency on the issue, like how proposed solutions discussed publicly in an instructive way, e.g.:<p>> Other options that had been proposed early on included sanitizing the input. But this approach was described as "extremely tricky to get right (after all, vega failing at it is how we landed in this situation)."<p>Also interesting to see how implementation details bubble up to strategic considerations; e.g. how the decision to use iframes or not is linked to impact on mission.