search

gorhill / httpswitchboard

Point & click to forbid/allow any class of requests made by your browser. Use it to block scripts, iframes, ads, facebook, etc.
GNU General Public License v3.0
1.33k stars 84 forks source link

Block javascript access to cookies #376

Open coffeemakr opened 10 years ago

coffeemakr commented 10 years ago

I'm aware that the primary goal of HTTPSB is the control of network actions. But my problem is when you don't want a site to use cookies but you have to enable javascript, they can set them and read them back via document.cookie.

I don't know how hard it would be to execute something like the following before page loading:

document.__defineGetter__("cookie", function() { return '';} );
document.__defineSetter__("cookie", function() {} );

This would prevent all cookie-javascript actions. Maybe I'm not alone with this idea.

coffeemakr commented 10 years ago

Another idea is that the HTTPSB could block cookies via chromes site settings.