There may be few legitimate uses for document.cookie, but eliminating it does ve... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

tptacek on Oct 29, 2010 | parent | context | favorite | on: HTTP cookies, or how not to design protocols

There may be few legitimate uses for document.cookie, but eliminating it does very little to prevent cross-site scripting.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact