> > Whatever we do, the "cookie" should never be manipulated directly. For
> > Caja, it's important that we use an interface so that we can change
> > implementation - as Kevin mentioned, Caja will not allow you to manipulate
> > a cookie directly.
>
> I don't quite understand this point. A cookie, fetched from a 3rd-party
> site via the proxy, from the gadget POV is just a list of key value pairs.
> I don't see how even manipulating that data directly can do any harm?


Consider a Cajoled gadget that's inlined on the container page. If the
cajoled gadget was able to access the cookie directly, then it would be
using the same cookie that the site does - that's insecure and allows naming
collisions. For these reasons Caja will prevent access to the cookie
entirely. An interface like a cookie, that acts as one on the proxy,
satisfies Caja and the behaviour you want.
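
An added JavaScript example of the kind of cookie-like interface this message describes; it is not code from the thread, from Caja or from the gadgets API. `makeProxyStore`, `makeGadgetCookieJar` and the gadget ids are hypothetical names, and the in-memory `Map` is a constructed stand-in for storage held on the proxy.

```javascript
// Constructed stand-in for proxy-side storage: gadget id -> Map(name -> value).
// Assumption: in a deployment this lives behind the proxy, out of gadget reach.
function makeProxyStore() {
  return new Map();
}

// Hypothetical facade handed to one gadget. It closes over the store and the
// gadget id, so the gadget cannot name another gadget's jar and never touches
// the container page's own cookie.
function makeGadgetCookieJar(proxyStore, gadgetId) {
  if (!proxyStore.has(gadgetId)) proxyStore.set(gadgetId, new Map());
  const jar = proxyStore.get(gadgetId);
  const check = (s) => {
    if (typeof s !== 'string') throw new TypeError('names and values must be strings');
    return s;
  };
  return Object.freeze({
    get: (name) => (jar.has(check(name)) ? jar.get(name) : null),
    set: (name, value) => { jar.set(check(name), check(value)); },
    remove: (name) => jar.delete(check(name)),
    names: () => Array.from(jar.keys()),
  });
}

// Constructed scenario: the container has its own "session" cookie, and two
// inlined gadgets each store a "session" value of their own.
function demo() {
  const containerCookie = new Map([['session', 'container-secret']]);
  const store = makeProxyStore();
  const gadgetA = makeGadgetCookieJar(store, 'gadget-a');
  const gadgetB = makeGadgetCookieJar(store, 'gadget-b');
  gadgetA.set('session', 'a-token');
  gadgetB.set('session', 'b-token');
  gadgetB.remove('session');
  return {
    a: gadgetA.get('session'),        // unaffected by gadget B's remove
    b: gadgetB.get('session'),        // null: B removed only its own value
    container: containerCookie.get('session'),
    aNames: gadgetA.names(),
    frozen: Object.isFrozen(gadgetA),
  };
}
```

Because each gadget holds only its frozen facade, the same cookie name used by the container and by two gadgets never collides, and the storage behind the facade can change without the gadget noticing.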
