- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Tue, 10 Sep 2013 15:58:52 +0100
- To: Alex Russell <slightlyoff@google.com>
- Cc: "Nottingham, Mark" <mnotting@akamai.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On Tue, Sep 10, 2013 at 3:34 PM, Alex Russell <slightlyoff@google.com> wrote: > Cookies have sub-origin scoping.via the Path attribute. It might be useful > to be able to further restrict the ability of script in a page to access/set > cookies that are "below" some path. I'm not sure what this means. The path attribute offers no actual protection and definitely does not provide origin-scoping. It's at best a convenience feature. -- http://annevankesteren.nl/
Received on Tuesday, 10 September 2013 14:59:23 UTC