The Glider

“Some of the most recent iterations of the XHR specifications at w3c have made some excellent security choices that will lock down the JavaScript HTTPOnly edge-case exposure vectors.The latest editorial draft of the XHR w3c spec http://dev.w3.org/2006/webapi/XMLHttpRequest/• prevents creating set-cookie/2 headers via setRequestHeader() in a case insensitive way. (but XHR is…

Tags: News

This entry was posted on Monday, December 15th, 2008 at 4:42 am and is filed under CGI Security. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.