"Michael Howard" <[EMAIL PROTECTED]> writes: > In a nutshell, if Internet Explorer 6.0 SP1 detects a cookie that has a > trailing HttpOnly (case insensitive) it will return an empty string to > the browser when accessed from script, such as by using document.cookie.
What about HTTP headers which advise user agents to disable some features, e.g. read/write access to the document or parts of it via scripting or other Internet Explorer interfaces? Is anybody interested in writing an Informational RFC on this topic? -- Florian Weimer [EMAIL PROTECTED] University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/ RUS-CERT fax +49-711-685-5898
