← Back to context Comment by rabidsnail 13 years ago Or xhr with custom header, if you don't want to have to keep track of state. 2 comments rabidsnail Reply kijin 13 years ago So that anyone who has JavaScript disabled will be treated like an attacker? No thanks, HN is one of very few sites nowadays that work fine without JavaScript tricks, and I'd much rather PG kept it that way. simonster 13 years ago A custom header is not sufficient (blame Flash): http://lists.webappsec.org/pipermail/websecurity_lists.webap...
kijin 13 years ago So that anyone who has JavaScript disabled will be treated like an attacker? No thanks, HN is one of very few sites nowadays that work fine without JavaScript tricks, and I'd much rather PG kept it that way.
simonster 13 years ago A custom header is not sufficient (blame Flash): http://lists.webappsec.org/pipermail/websecurity_lists.webap...
So that anyone who has JavaScript disabled will be treated like an attacker? No thanks, HN is one of very few sites nowadays that work fine without JavaScript tricks, and I'd much rather PG kept it that way.
A custom header is not sufficient (blame Flash): http://lists.webappsec.org/pipermail/websecurity_lists.webap...