Posted to mod_python-commits@quetz.apache.org by gr...@apache.org on 2006/04/30 12:36:23 UTC
svn commit: r398310 - in /httpd/mod_python/trunk: Doc/appendixc.tex
Doc/modpython4.tex lib/python/mod_python/Cookie.py
Author: grahamd
Date: Sun Apr 30 03:36:18 2006
New Revision: 398310
URL: http://svn.apache.org/viewcvs?rev=398310&view=rev
Log:
Added support to cookies for the "httponly" attribute, an extension originally
created by Microsoft, but now getting more widespread use in the battle
against cross-site scripting attacks. (MODPYTHON-108)
Modified:
httpd/mod_python/trunk/Doc/appendixc.tex
httpd/mod_python/trunk/Doc/modpython4.tex
httpd/mod_python/trunk/lib/python/mod_python/Cookie.py
Modified: httpd/mod_python/trunk/Doc/appendixc.tex
URL: http://svn.apache.org/viewcvs/httpd/mod_python/trunk/Doc/appendixc.tex?rev=398310&r1=398309&r2=398310&view=diff
==============================================================================
--- httpd/mod_python/trunk/Doc/appendixc.tex (original)
+++ httpd/mod_python/trunk/Doc/appendixc.tex Sun Apr 30 03:36:18 2006
@@ -78,6 +78,11 @@
\item
(\citetitle[http://issues.apache.org/jira/browse/MODPYTHON-149]{MODPYTHON-149})
Added support for session objects that span domains.
+ \item
+ (\citetitle[http://issues.apache.org/jira/browse/MODPYTHON-108]{MODPYTHON-108})
+ Added support to cookies for \code{httponly} attribute, an extension
+ originally created by Microsoft, but now getting more widespread use
+ in the battle against cross site-scripting attacks.
\end{itemize}
Improvements
Modified: httpd/mod_python/trunk/Doc/modpython4.tex
URL: http://svn.apache.org/viewcvs/httpd/mod_python/trunk/Doc/modpython4.tex?rev=398310&r1=398309&r2=398310&view=diff
==============================================================================
--- httpd/mod_python/trunk/Doc/modpython4.tex (original)
+++ httpd/mod_python/trunk/Doc/modpython4.tex Sun Apr 30 03:36:18 2006
@@ -1996,7 +1996,7 @@
the cookie. The \class{Cookie} class restricts attribute names to
only valid values, specifically, only the following attributes are
allowed: \code{name, value, version, path, domain, secure, comment,
- expires, max_age, commentURL, discard, port, __data__}.
+ expires, max_age, commentURL, discard, port, httponly, __data__}.
The \code{__data__} attribute is a general-purpose dictionary that
can be used for storing arbitrary values, when necessary (This is
Modified: httpd/mod_python/trunk/lib/python/mod_python/Cookie.py
URL: http://svn.apache.org/viewcvs/httpd/mod_python/trunk/lib/python/mod_python/Cookie.py?rev=398310&r1=398309&r2=398310&view=diff
==============================================================================
--- httpd/mod_python/trunk/lib/python/mod_python/Cookie.py (original)
+++ httpd/mod_python/trunk/lib/python/mod_python/Cookie.py Sun Apr 30 03:36:18 2006
@@ -59,7 +59,9 @@
"version", "path", "domain", "secure",
"comment", "expires", "max_age",
# RFC 2965
- "commentURL", "discard", "port")
+ "commentURL", "discard", "port",
+ # Microsoft Extension
+ "httponly" )
# _valid_attr + property values
# (note __slots__ is a new Python feature, it
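Review bot: The new comment `# Microsoft Extension` records where `httponly` came from but not what it does, so a maintainer reading `_valid_attr` cannot tell that it is a valueless flag and not a name=value attribute. I would write `# Microsoft extension: valueless flag asking the browser to keep the cookie out of reach of client-side script`. The user documentation would also benefit from one sentence saying that the flag limits cookie theft after a script injection and does not prevent the injection itself. The stray space in `"httponly" )` could be dropped at the same time. The tuple begins above the hunk.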
@@ -149,7 +151,7 @@
result = ["%s=%s" % (self.name, self.value)]
for name in self._valid_attr:
if hasattr(self, name):
- if name in ("secure", "discard"):
+ if name in ("secure", "discard", "httponly"):
result.append(name)
else:
result.append("%s=%s" % (name, getattr(self, name)))
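Review bot: `httponly` is emitted whenever the attribute exists, because the test in this loop is `hasattr(self, name)` and the value is never read, so `cookie.httponly = False` would still send the flag; the same holds for the identical loops in the hunks at -205 and -268. That fails safe, but it is undocumented, and as far as these lines show the flag can only be dropped by deleting the attribute; a comment such as `# flag attributes: presence alone emits the bare name, the value is ignored` above the `if name in (...)` line would record it. The tuple `("secure", "discard", "httponly")` is now spelled out three times; a single class-level constant, for example `_flag_attr = ("secure", "discard", "httponly")` tested with `if name in self._flag_attr:`, would keep the three serialisers from drifting when the next flag is added, assuming the class machinery above the hunk allows it. All three enclosing methods start and end outside their hunks.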
@@ -205,7 +207,7 @@
self.value)]
for name in self._valid_attr:
if hasattr(self, name):
- if name in ("secure", "discard"):
+ if name in ("secure", "discard", "httponly"):
result.append(name)
else:
result.append("%s=%s" % (name, getattr(self, name)))
@@ -268,7 +270,7 @@
result = ["%s=%s%s" % (self.name, self.hexdigest(m), m)]
for name in self._valid_attr:
if hasattr(self, name):
- if name in ("secure", "discard"):
+ if name in ("secure", "discard", "httponly"):
result.append(name)
else:
result.append("%s=%s" % (name, getattr(self, name)))