- From: Bil Corry <bil@corry.biz>
- Date: Tue, 02 Dec 2008 12:48:22 -0600
- To: public-html-comments@w3.org
On Tue, 2 Dec 2008, Ian Hickson wrote: > On Tue, 2 Dec 2008, Anne van Kesteren wrote: >> >> http://www.whatwg.org/specs/web-apps/current-work/multipage/dom.html#dom-document-cookie >> currently does not take HTTPOnly into account. There should at >> least be a note there that the user agent may not always reveal all >> cookies the Cookie header contains. Likewise, HTTPOnly cookies are >> not be overwritten by script. > > Done. Let me know if there's a reference I can use... Currently, there isn't a reference for HTTPOnly. There's a small group of us working on creating one, but we're still hammering out the scope: http://groups.google.com/group/ietf-httponly-wg Once we have a draft put together, I'll pass it along. And of course, if anyone here is interested in joining the discussion on HTTPOnly, we're open to more input. - Bil
Received on Tuesday, 2 December 2008 18:49:03 UTC