Message72368
Any progress on this? This patch is extremely straightforward (only
three lines of code), and should not break existing code.
The HttpOnly extension to cookies is now supported by IE, Firefox 3.0,
and Opera.
This article explains why HttpOnly is a good way to make cross-site
scripting attacks significantly more difficult:
http://www.codinghorror.com/blog/archives/001167.htmllop
I'd really like to see this patch applied to Cookie.py. |
|
Date |
User |
Action |
Args |
2008-09-02 22:45:10 | glyphobet | set | recipients:
+ glyphobet, jjlee, jimjjewett, moese, arvins |
2008-09-02 22:45:10 | glyphobet | set | messageid: <1220395510.77.0.456809922662.issue1638033@psf.upfronthosting.co.za> |
2008-09-02 22:45:09 | glyphobet | link | issue1638033 messages |
2008-09-02 22:45:09 | glyphobet | create | |
|