Protecting Your Cookies: HttpOnly

Unfortunately, as with any other browser-specific features or those that are too recent, we might as well acknowledge HttpOnly for a second and then completely forget about it, because it’s totally useless … the usual web development nightmare: we’re stuck with the narrowest common set of features :frowning:

Okay, HttpOnly is an easy temporary fix, but we all know where such tempting temp fixes lead us, right? I’m sure we all agree here that it’s not a substitute for sanitizing, but guess what happens in the real world …