"Michael Howard" <mikehow@microsoft.com> writes: > In a nutshell, if Internet Explorer 6.0 SP1 detects a cookie that has a > trailing HttpOnly (case insensitive) it will return an empty string to > the browser when accessed from script, such as by using document.cookie. What about HTTP headers which advise user agents to disable some features, e.g. read/write access to the document or parts of it via scripting or other Internet Explorer interfaces? Is anybody interested in writing an Informational RFC on this topic? -- Florian Weimer Weimer@CERT.Uni-Stuttgart.DE University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/ RUS-CERT fax +49-711-685-5898
