The flaw in this proposal is the assumption that web application builders will be satisfied with the restrictions imposed by this flag and hence use it. I suspect that with the ever increasing level of highly interactive content achieved with JavaScript, that this flag will be ignored and hence valueless as a general solution. More appropriate would be to spend the effort designing a solid security model which allows JavaScript (and other active content) access to cookies, but only within the appropriate security rules. Dave MorrisReceived on Sunday, 23 November 2008 03:50:06 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:50:57 GMT