On Mon, Jul 9, 2012 at 6:04 PM, Aymeric Vitte <[email protected]> wrote: > If the answer is that it is not possible because of the same origine policy, > then it is not difficult to show that this policy can be broken already, by > some "manipulations", then it's better to have something clean.
Please do explain what "manipulations" you have in mind here. As I understand it, the same-origin policy is what prevents other web sites you visit from sending HTTP requests to your bank (for example), with your login cookie attached, and looking at the responses. It seems like it would be a major security hole if that could be easily circumvented. -j _______________________________________________ es-discuss mailing list [email protected] https://mail.mozilla.org/listinfo/es-discuss
