Update: Jordan and Wladimir Palant noticed it right away! (Wladimir) "Wait, last time I checked Java wasn
Back in late 2002 Microsoft implemented the httpOnly cookie flag in Internet Explorer as a way to prevent XSS cookie theft by denying JavaScript access to document.cookie. A couple of months later I authored a paper describing an attack I called Cross-Site Tracing (XST), or XSS++ if you prefer, as a way to bypass httpOnly (plus added some other good stuff). XST works by taking control of a victim's web browser and forcing it to send an HTTP TRACE (method) to the target web server, typically via XMLHttpRequest (XHR). Web servers supporting TRACE respond by placing all the data received in the HTTP request (request line, headers, post data) into the response body. Here

The link for this article located at Jeremiah Grossman is no longer available.
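A defender's check for the TRACE echo behaviour described above, as an added example that is not from the original post: a throwaway loopback server that echoes TRACE requests, next to one that does not implement TRACE, and a probe that reports whether a canary cookie comes back in the response body. The handler classes, function names and canary value are assumptions constructed for this example.

```python
import http.client
import socketserver
import threading
from http.server import BaseHTTPRequestHandler

CANARY = "sid=CONSTRUCTED-CANARY-0001"  # constructed sample value, not a real session

class Hardened(BaseHTTPRequestHandler):
    """No do_TRACE defined, so http.server answers TRACE with 501."""
    def do_GET(self):
        self.send_response(200)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # keep the example quiet
        pass

class TraceEnabled(Hardened):
    """Models the echo: request line and headers are copied into the body."""
    def do_TRACE(self):
        echo = f"{self.requestline}\r\n{self.headers}".encode("latin-1")
        self.send_response(200)
        self.send_header("Content-Type", "message/http")
        self.send_header("Content-Length", str(len(echo)))
        self.end_headers()
        self.wfile.write(echo)

def trace_reflects_cookie(host, port):
    """Send TRACE with a canary cookie; return (status, canary echoed?)."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("TRACE", "/", headers={"Cookie": CANARY})
        resp = conn.getresponse()
        return resp.status, CANARY in resp.read().decode("latin-1")
    finally:
        conn.close()

def audit(handler):
    """Run the probe against a loopback-only server built from `handler`."""
    with socketserver.TCPServer(("127.0.0.1", 0), handler) as srv:
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        try:
            return trace_reflects_cookie(*srv.server_address)
        finally:
            srv.shutdown()

if __name__ == "__main__":
    print("TRACE enabled :", audit(TraceEnabled))  # (200, True)
    print("TRACE disabled:", audit(Hardened))      # (501, False)
```

A `True` in the second field means the server returned the Cookie header in a response body, which is the condition that lets script read a cookie that httpOnly hides from document.cookie.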