
The Can't Be Evil Sandbox - larrysalibra
https://salibra.com/p/cant-be-evil-sandbox-f0475feec4b9
======
drdeca
I'm not really convinced by the argument about cookies. Not allowing cookies,
but allowing localStorage and applications to automatically send information
from localStorage to the webserver, is not something that I understand as
accomplishing all that much. Why would that accomplish anything?

Unless, is there something preventing JavaScript from, on page load, always
sending "hey, here is some content from localStorage" to the server? But I
imagine that there isn't anything preventing that, so I don't see the benefit.

In addition, my understanding is that localStorage can only be used using
JavaScript, while cookies can be used for login and such without using
JavaScript.

It seems like these requirements would therefore require applications to
either not have a login feature, or to use JavaScript.

(I know someone who is running a website with accounts, and who intends to use
a minimal amount of JavaScript for it.)

"no third party scripts" makes sense to me (though I might suggest the amended
"no third party scripts, unless including a hash or something to ensure that
the third party script does not change"?).
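
Added example, not part of drdeca's comment or the linked article: pinning a third-party script to a hash is what the browser's Subresource Integrity `integrity` attribute does. The Node.js sketch below builds that attribute and checks a fetched body against it the way a browser would; the function names, the `cdn.example` URL and both script bodies are constructed for illustration.

```javascript
const { createHash } = require('node:crypto');

// Constructed sample bodies: the script as reviewed, and the same file after
// the third party changed it.
const SAMPLE_SCRIPT = 'console.log("widget v1");\n';
const CHANGED_SCRIPT = SAMPLE_SCRIPT + '// changed upstream\n';

// Relative strength of the digest algorithms SRI accepts.
const STRENGTH = { sha256: 1, sha384: 2, sha512: 3 };

// Build an integrity value such as "sha384-<base64 digest>".
function sriFor(body, alg = 'sha384') {
  return `${alg}-${createHash(alg).update(body).digest('base64')}`;
}

// Parse an integrity attribute; unknown or malformed tokens are ignored.
function parseIntegrity(attr) {
  return attr.trim().split(/\s+/).map((tok) => {
    const m = /^(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})(\?.*)?$/.exec(tok);
    return m ? { alg: m[1], digest: m[2] } : null;
  }).filter(Boolean);
}

// True when the body matches any hash of the strongest algorithm listed.
// An attribute with no usable hash imposes no requirement, as in browsers,
// so a pinning check in CI should also reject an empty parse result.
function integrityAllows(body, attr) {
  const entries = parseIntegrity(attr);
  if (entries.length === 0) return true;
  const best = Math.max(...entries.map((e) => STRENGTH[e.alg]));
  return entries
    .filter((e) => STRENGTH[e.alg] === best)
    .some((e) => sriFor(body, e.alg) === `${e.alg}-${e.digest}`);
}

// Emit the tag a page would ship; cross-origin scripts need crossorigin
// set for the integrity check to be applied.
function scriptTag(url, body) {
  return `<script src="${url}" integrity="${sriFor(body)}" crossorigin="anonymous"></script>`;
}

console.log(scriptTag('https://cdn.example/widget.js', SAMPLE_SCRIPT));
console.log('reviewed body allowed:', integrityAllows(SAMPLE_SCRIPT, sriFor(SAMPLE_SCRIPT)));
console.log('changed body allowed: ', integrityAllows(CHANGED_SCRIPT, sriFor(SAMPLE_SCRIPT)));
```

When several hashes are listed, only the strongest algorithm's entries count, so a matching `sha256` value cannot override a non-matching `sha512` one.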

