The flaw in this proposal is the assumption that web application builders will be satisfied with the restrictions imposed by this flag and hence use it. I suspect that with the ever increasing level of highly interactive content achieved with JavaScript, that this flag will be ignored and hence valueless as a general solution. More appropriate would be to spend the effort designing a solid security model which allows JavaScript (and other active content) access to cookies, but only within the appropriate security rules. Dave MorrisReceived on Sunday, 23 November 2008 03:50:06 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:38:34 GMT