|
|
BugTraq
A technique to mitigate cookie-stealing XSS attacks Nov 05 2002 06:44PM Michael Howard (mikehow microsoft com) (3 replies) Re: A technique to mitigate cookie-stealing XSS attacks Nov 11 2002 06:19PM Jeremiah Grossman (jeremiah whitehatsec com) (1 replies) RE: A technique to mitigate cookie-stealing XSS attacks Nov 12 2002 12:46AM Jason Coombs (jasonc science org) Re: A technique to mitigate cookie-stealing XSS attacks Nov 07 2002 08:26PM Justin King (justin othius com) (1 replies) Re: A technique to mitigate cookie-stealing XSS attacks Nov 10 2002 03:21AM Ulf Harnhammar (ulfh update uu se) (2 replies) RE: A technique to mitigate cookie-stealing XSS attacks Nov 12 2002 10:43AM jasonk (jasonk swin edu au) Re: A technique to mitigate cookie-stealing XSS attacks Nov 11 2002 08:29PM Seth Arnold (sarnold wirex com) |
|
Privacy Statement |
> In a nutshell, if Internet Explorer 6.0 SP1 detects a cookie that has a
> trailing HttpOnly (case insensitive) it will return an empty string to
> the browser when accessed from script, such as by using document.cookie.
What about HTTP headers which advise user agents to disable some
features, e.g. read/write access to the document or parts of it via
scripting or other Internet Explorer interfaces?
Is anybody interested in writing an Informational RFC on this topic?
--
Florian Weimer Weimer (at) CERT.Uni-Stuttgart (dot) DE [email concealed]
University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT fax +49-711-685-5898
[ reply ]