Welcome to WebmasterWorld Guest from 18.104.22.168
Forum Moderators: open
there's nothing to do and no need to care about "explode" scripts, let the browser patches or anti virus software to do it
what i worried about is, when preview, the code is able to access cookies in www.mydomain.com (suppose this is my domain)
so, is it possible to seprate that code away from my domain?
Cookies are on the user's computer. If someone knows enough to enter a script that displays cookies, then they know enough to go into their own hard drive and read their own cookies directly. So you can't be worried about someone reading their own cookies.
Are you saying there is a possibility that one person might write a script that extracts a different user's cookies?
i know users can access their own cookie
after long time thinking, i get a way to do:
when press "preview" button, submit the code to www.anotherdomain.com and output as "Content-type: text/html", so it can't access the user's cookie of www.domain.com
(all above domains is for example only)
but is this the only way? i have to prepair a standalone domain for this single problem :(