by novas0x2a
5806 days ago
Cookies have this problem, too (anyone from the same domain sees your cookies, and you can't really count on the cookie path). So does XMLHTTPRequest. Same origin[1] is pretty much the governing rule here; there wasn't any point in making pushState any more secure than the rest of the system.

1) http://en.wikipedia.org/wiki/Same_origin_policy