Brendan Guild <[EMAIL PROTECTED]> writes: > This was a problem, but modern browsers implement Javascript in such a > way that it requires permission from the user before it will open a new > window.
Not really true, it's easy to defeat that, and also generally the pop-up blocker only blocks window.open on load events. JS can usually still open windows when you mouse over something. > All of those things seem like major problems except the bit about > cookies. What possible harm can reading and setting cookies do? I had > always thought they were carefully and successfully designed to be > harmless. That's not personal information in your cookies. That > information is set by websites for the sole purpose of being read by > websites. If you have a cookie from site ABC on your system, that shows you visited site ABC sometime in the past. That is personal information all by itself, that shouldn't be revealed (including to site ABC) without your permission. And that doesn't even begin to address web bugs. If the JS from site ABC can also read cookies set by unrelated site XYZ, that's an absolute disaster. It can steal login credentials and anything else. MSIE actually had a bug of that type a few years ago. -- http://mail.python.org/mailman/listinfo/python-list
