On Wed, 08 Feb 2006 17:29:46 +0600, Hallvord R M Steen
<[EMAIL PROTECTED]> wrote:
there is some discussion surrounding cookies and security - see this bug:
http://bugzilla.opendarwin.org/show_bug.cgi?id=6797
We are wondering if it would be any use to block document.cookie
access across frames completely, or whether this would break too many
sites out there.. Any thoughts on this?
Just blocking access to cookies of another frame isn't enough. Consider
the following example:
otherframe.document.body.addEventListener('unload', function() {
thisframe.variable = otherframe.document.cookie;
}, false);
When the unload event fires, otherframe will be accessing its own cookies,
which is legal.
--
Opera M2 8.5 on Debian Linux 2.6.12-1-k7
* Origin: X-Man's Station [ICQ: 115226275] <[EMAIL PROTECTED]>
