: Brad Fitzpatrick (brad) wrote,
2006-01-22 11:57:00

Brad Fitzpatrick
brad
2006-01-22 11:57:00

Firefox bugs

My beef with Firefox:

Firefox doesn't have HttpOnly cookies, even though LiveJournal had

avva write a patch for Mozilla over a year ago:
https://bugzilla.mozilla.org/show_bug.cgi?id=178993

Javascript in external CSS doesn't have the same-origin restrictions that Internet Explorer does, allowing untrusted remote CSS to do malicious things:
https://bugzilla.mozilla.org/show_bug.cgi?id=324253

See my comment there for more information.

Either one of these would've prevented us from going with one-domain-per-user (our new URL scheme), and the forthcoming cookie changes where we have master cookies and per-domain cookies that are signed by the master cookie.

Fun, but a pain in the ass too.

Tags: javascript, security, tech, work

Ukraine

Nobody reads my LiveJournal anymore, but thank you to everybody in Russia protesting Putin's insane war against Ukraine. (I know it's risky…
Happy Birthday!

Happy 20th Birthday, LiveJournal! 🐐🎂🎉
hi

Posting from the iPhone app. Maybe I'm unblocked now.

Post a new comment
Error
Anonymously

Log in

default userpic

Your reply will be screened

Your IP address will be recorded

When you submit the form an invisible reCAPTCHA check will be performed.
You must follow the Privacy Policy and Google Terms of use.

Preview comment

Help
27 comments

Post a new comment
27 comments

Ukraine

Nobody reads my LiveJournal anymore, but thank you to everybody in Russia protesting Putin's insane war against Ukraine. (I know it's risky…
Happy Birthday!

Happy 20th Birthday, LiveJournal! 🐐🎂🎉
hi

Posting from the iPhone app. Maybe I'm unblocked now.

Firefox bugs

Ukraine

Happy Birthday!

hi

Error

Ukraine

Happy Birthday!

hi