They could if they put code to read cookies in JS and send them home in the JS i... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

eloisant on March 31, 2015 | parent | context | favorite | on: China's Man-On-the-Side Attack on GitHub

They could if they put code to read cookies in JS and send them home in the JS included in people's pages.

jonny_eh on March 31, 2015 [–]

Good point, all the more reason page authors should use httpOnly cookies: https://www.owasp.org/index.php/HttpOnly

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact