- From: David Morris <dwm@xpasc.com>
- Date: Sat, 22 Nov 2008 19:48:55 -0800 (PST)
- cc: HTTP Working Group <ietf-http-wg@w3.org>
The flaw in this proposal is the assumption that web application builders will be satisfied with the restrictions imposed by this flag and hence use it. I suspect that with the ever increasing level of highly interactive content achieved with JavaScript, that this flag will be ignored and hence valueless as a general solution. More appropriate would be to spend the effort designing a solid security model which allows JavaScript (and other active content) access to cookies, but only within the appropriate security rules. Dave Morris
Received on Sunday, 23 November 2008 03:50:06 UTC