python-checkins at python
Sep 6, 2008, 12:28 PM
Post #1 of 1
(26 views)
Permalink
|
|
r66262 - in python/trunk: Doc/library/cookie.rst Lib/Cookie.py Misc/ACKS Misc/NEWS
|
|
Author: benjamin.peterson
Date: Sat Sep 6 21:28:11 2008
New Revision: 66262
Log:
#1638033: add support for httponly on Cookie.Morsel
Reviewer: Benjamin
Modified:
python/trunk/Doc/library/cookie.rst
python/trunk/Lib/Cookie.py
python/trunk/Misc/ACKS
python/trunk/Misc/NEWS
Modified: python/trunk/Doc/library/cookie.rst
==============================================================================
--- python/trunk/Doc/library/cookie.rst (original)
+++ python/trunk/Doc/library/cookie.rst Sat Sep 6 21:28:11 2008
@@ -148,7 +148,7 @@
--------------
-.. class:: Morsel()
+.. class:: Morsel
Abstract a key/value pair, which has some :rfc:`2109` attributes.
@@ -162,9 +162,17 @@
* ``max-age``
* ``secure``
* ``version``
+ * ``httponly``
+
+ The attribute :attr:`httponly` specifies that the cookie is only transfered
+ in HTTP requests, and is not accessible through JavaScript. This is intended
+ to mitigate some forms of cross-site scripting.
The keys are case-insensitive.
+ .. versionadded:: 2.6
+ The :attr:`httponly` attribute was added.
+
.. attribute:: Morsel.value
Modified: python/trunk/Lib/Cookie.py
==============================================================================
--- python/trunk/Lib/Cookie.py (original)
+++ python/trunk/Lib/Cookie.py Sat Sep 6 21:28:11 2008
@@ -408,6 +408,9 @@
# For historical reasons, these attributes are also reserved:
# expires
#
+ # This is an extension from Microsoft:
+ # httponly
+ #
# This dictionary provides a mapping from the lowercase
# variant on the left to the appropriate traditional
# formatting on the right.
@@ -417,6 +420,7 @@
"domain" : "Domain",
"max-age" : "Max-Age",
"secure" : "secure",
+ "httponly" : "httponly",
"version" : "Version",
}
@@ -499,6 +503,8 @@
RA("%s=%d" % (self._reserved[K], V))
elif K == "secure":
RA(str(self._reserved[K]))
+ elif K == "httponly":
+ RA(str(self._reserved[K]))
else:
RA("%s=%s" % (self._reserved[K], V))
Modified: python/trunk/Misc/ACKS
==============================================================================
--- python/trunk/Misc/ACKS (original)
+++ python/trunk/Misc/ACKS Sat Sep 6 21:28:11 2008
@@ -122,6 +122,7 @@
Michael Chermside
Albert Chin-A-Young
Adal Chiriliuc
+Matt Chisholm
Tom Christiansen
Vadim Chugunov
David Cinege
Modified: python/trunk/Misc/NEWS
==============================================================================
--- python/trunk/Misc/NEWS (original)
+++ python/trunk/Misc/NEWS Sat Sep 6 21:28:11 2008
@@ -56,6 +56,8 @@
Library
-------
+- Issue #1638033: Cookie.Morsel gained the httponly attribute.
+
- Issue #3535: zipfile couldn't read some zip files larger than 2GB.
- Issue #3776: Deprecate the bsddb package for removal in 3.0.
_______________________________________________
Python-checkins mailing list
Python-checkins[at]python.org
http://mail.python.org/mailman/listinfo/python-checkins
|
