[issue1638033] Add httponly to Cookie module

2008-09-02 Thread Matt Chisholm

Matt Chisholm <[EMAIL PROTECTED]> added the comment:

Any progress on this? This patch is extremely straightforward (only
three lines of code), and should not break existing code. 

The HttpOnly extension to cookies is now supported by IE, Firefox 3.0,
and Opera. 

This article explains why HttpOnly is a good way to make cross-site
scripting attacks significantly more difficult:

http://www.codinghorror.com/blog/archives/001167.htmllop

I'd really like to see this patch applied to Cookie.py.

--
nosy: +glyphobet

___
Python tracker <[EMAIL PROTECTED]>
<http://bugs.python.org/issue1638033>
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
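
An added example, not part of the original thread or of the attached patch: it uses Python 3's http.cookies (the module Cookie.py was renamed to) to emit a cookie with the httponly flag, and audits Set-Cookie values for missing flags. The function names, cookie names and sample headers are constructed for illustration.

```python
from http.cookies import SimpleCookie


def build_session_cookie(name, value, *, httponly=True, secure=True):
    """Return the Set-Cookie header value for one cookie."""
    jar = SimpleCookie()
    jar[name] = value
    jar[name]["path"] = "/"
    # httponly and secure are flag attributes: they carry no value and are
    # emitted only when set to a true value.
    jar[name]["httponly"] = httponly
    jar[name]["secure"] = secure
    return jar[name].OutputString()


def missing_flags(set_cookie_value, required=("httponly", "secure")):
    """List the required flag attributes absent from one Set-Cookie value."""
    parts = [p.strip() for p in set_cookie_value.split(";")]
    # parts[0] is name=value; the rest are attributes, matched
    # case-insensitively ("HttpOnly", "httponly", "HTTPONLY" are the same).
    present = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return [flag for flag in required if flag not in present]


def audit(header_values):
    """Map cookie name -> missing flags, for cookies that lack any."""
    findings = {}
    for header_value in header_values:
        name = header_value.split("=", 1)[0].strip()
        missing = missing_flags(header_value)
        if missing:
            findings[name] = missing
    return findings


# Constructed sample input: one hardened cookie, one without HttpOnly,
# and one hand-written header carrying neither flag.
SAMPLE_HEADERS = [
    build_session_cookie("session", "abc123"),
    build_session_cookie("legacy_session", "def456", httponly=False),
    "theme=dark; Path=/",
]

if __name__ == "__main__":
    for header_value in SAMPLE_HEADERS:
        print("Set-Cookie:", header_value)
    for cookie_name, flags in audit(SAMPLE_HEADERS).items():
        print(cookie_name, "is missing:", ", ".join(flags))
```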



[issue1638033] Add httponly to Cookie module

2008-09-05 Thread Matt Chisholm

Matt Chisholm <[EMAIL PROTECTED]> added the comment:

I have updated the diff to use reST for the docs.  I removed the link to
MSDN from the reST docs because it is broken and I could not find the
article that it was intended to point to.  I also slightly re-worded the
paragraph describing httponly.  

I did not add any tests for the new feature as Antoine Pitrou requested,
because the test for Cookie only tests SimpleCookie. It does not test
expires, max-age, secure, or any of the other cookie attributes that
Cookie.py sets. Testing httponly (or any of the other cookie attributes)
would require rewriting most of the test.

Added file: http://bugs.python.org/file11396/HttpOnlyCookies.diff
