Certain web applications face the risk of cross-site scripting vulnerabilities. Although this is the fault of the web applications and can always be avoided by correct programming, an extra security mechanism can never hurt.
That is the reason Microsoft introduced HTTP-only Cookies in Internet Explorer 6 SP1. Firefox added support in Gran Paradiso Alpha 3.
I wanted to use this feature with my favourite web framework Django. Unfortunately it is as of this writing not available.
Patches:
Surely I made enhancement requests for Python and Django but so far the patches have not been integrated.

Arvin Schnell
Last modified 31st December 2007 | Copyright (©) 2007 by Arvin Schnell