Obviously it would be on-top of origin scoping. The idea here would be that
a document could declare that all writes into the cookie jar must be
prefixed with some path.
On Tue, Sep 10, 2013 at 7:58 AM, Anne van Kesteren <annevk@annevk.nl> wrote:
> On Tue, Sep 10, 2013 at 3:34 PM, Alex Russell <slightlyoff@google.com>
> wrote:
> > Cookies have sub-origin scoping.via the Path attribute. It might be
> useful
> > to be able to further restrict the ability of script in a page to
> access/set
> > cookies that are "below" some path.
>
> I'm not sure what this means. The path attribute offers no actual
> protection and definitely does not provide origin-scoping. It's at
> best a convenience feature.
>
>
> --
> http://annevankesteren.nl/
>