← Back to context Comment by hcarvalhoalves 13 years ago No one thought about pages.github.com? 5 comments hcarvalhoalves Reply steveklabnik 13 years ago That does not solve the security issues that they're looking to mitigate. hcarvalhoalves 13 years ago I see. I thought they could limit the cookies to the github.com root, but they already have stuff like gist.github.com. Groxx 13 years ago Which doesn't run arbitrary JS code, unlike the username.github.com pages, which means gist.github.com is incapable of setting such cookies.Unless there's a way to 'run' gist files? I'm not aware of any, but I haven't tried particularly hard. 2 replies →
steveklabnik 13 years ago That does not solve the security issues that they're looking to mitigate. hcarvalhoalves 13 years ago I see. I thought they could limit the cookies to the github.com root, but they already have stuff like gist.github.com. Groxx 13 years ago Which doesn't run arbitrary JS code, unlike the username.github.com pages, which means gist.github.com is incapable of setting such cookies.Unless there's a way to 'run' gist files? I'm not aware of any, but I haven't tried particularly hard. 2 replies →
hcarvalhoalves 13 years ago I see. I thought they could limit the cookies to the github.com root, but they already have stuff like gist.github.com. Groxx 13 years ago Which doesn't run arbitrary JS code, unlike the username.github.com pages, which means gist.github.com is incapable of setting such cookies.Unless there's a way to 'run' gist files? I'm not aware of any, but I haven't tried particularly hard. 2 replies →
Groxx 13 years ago Which doesn't run arbitrary JS code, unlike the username.github.com pages, which means gist.github.com is incapable of setting such cookies.Unless there's a way to 'run' gist files? I'm not aware of any, but I haven't tried particularly hard. 2 replies →
That does not solve the security issues that they're looking to mitigate.
I see. I thought they could limit the cookies to the github.com root, but they already have stuff like gist.github.com.
Which doesn't run arbitrary JS code, unlike the username.github.com pages, which means gist.github.com is incapable of setting such cookies.
Unless there's a way to 'run' gist files? I'm not aware of any, but I haven't tried particularly hard.
2 replies →