[Python-3000-checkins] r66263 - in python/branches/py3k: Doc/library/http.cookies.rst Lib/http/cookies.py Misc/ACKS
benjamin.peterson
2008-09-06 19:37:35 UTC
Author: benjamin.peterson
Date: Sat Sep 6 21:37:35 2008
New Revision: 66263

Log:
Merged revisions 66262 via svnmerge from
svn+ssh://pythondev at svn.python.org/python/trunk

........
r66262 | benjamin.peterson | 2008-09-06 14:28:11 -0500 (Sat, 06 Sep 2008) | 4 lines

#1638033: add support for httponly on Cookie.Morsel

Reviewer: Benjamin
........


Modified:
python/branches/py3k/ (props changed)
python/branches/py3k/Doc/library/http.cookies.rst
python/branches/py3k/Lib/http/cookies.py
python/branches/py3k/Misc/ACKS

Modified: python/branches/py3k/Doc/library/http.cookies.rst
==============================================================================
--- python/branches/py3k/Doc/library/http.cookies.rst (original)
+++ python/branches/py3k/Doc/library/http.cookies.rst Sat Sep 6 21:37:35 2008
@@ -109,7 +109,7 @@
--------------


-.. class:: Morsel()
+.. class:: Morsel

Abstract a key/value pair, which has some :rfc:`2109` attributes.

@@ -123,9 +123,17 @@
* ``max-age``
* ``secure``
* ``version``
+ * ``httponly``
+
+ The attribute :attr:`httponly` specifies that the cookie is only transfered
+ in HTTP requests, and is not accessible through JavaScript. This is intended
+ to mitigate some forms of cross-site scripting.

The keys are case-insensitive.

+ .. versionadded:: 2.6
+ The :attr:`httponly` attribute was added.
+

.. attribute:: Morsel.value


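Review bot: In the added paragraph, "transfered" should be "transferred", and the wording overstates the guarantee: the flag is a request to the browser to hide the cookie from script, so it only helps in browsers that honour it, and what it limits is cookie theft through cross-site scripting, not the scripting itself. The docs should also say that ``httponly`` is a valueless flag like ``secure``, since the list gives no hint that the value assigned is not rendered. Separately, the ``.. versionadded:: 2.6`` marker is landing in the py3k copy of the docs; confirm that 2.6 is the version intended on this branch.
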
Modified: python/branches/py3k/Lib/http/cookies.py
==============================================================================
--- python/branches/py3k/Lib/http/cookies.py (original)
+++ python/branches/py3k/Lib/http/cookies.py Sat Sep 6 21:37:35 2008
@@ -325,6 +325,9 @@
# For historical reasons, these attributes are also reserved:
# expires
#
+ # This is an extension from Microsoft:
+ # httponly
+ #
# This dictionary provides a mapping from the lowercase
# variant on the left to the appropriate traditional
# formatting on the right.
@@ -334,6 +337,7 @@
"domain" : "Domain",
"max-age" : "Max-Age",
"secure" : "secure",
+ "httponly" : "httponly",
"version" : "Version",
}

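Review bot: The new "httponly" entry maps to an all-lowercase output name, while the comment above this dictionary says the right-hand side is the "appropriate traditional formatting" and entries such as "Domain" and "Max-Age" follow that. The traditional spelling of this Microsoft extension is HttpOnly; attribute names are matched case-insensitively so this should still work, but emitting "HttpOnly" would match what other servers send and what people grep for in captured headers. If lowercase is deliberate for symmetry with "secure", a short comment saying so would help.
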
@@ -413,6 +417,8 @@
RA("%s=%d" % (self._reserved[K], V))
elif K == "secure":
RA(str(self._reserved[K]))
+ elif K == "httponly":
+ RA(str(self._reserved[K]))
else:
RA("%s=%s" % (self._reserved[K], V))


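Review bot: The added elif K == "httponly" branch is a copy of the "secure" branch directly above it; folding the two into one test, elif K in ("secure", "httponly"):, keeps the valueless-flag handling in a single place. Because this branch ignores V, please confirm that the enclosing loop skips an unset or empty value, otherwise the flag could be emitted whenever the key is present regardless of what was assigned. The list of modified files also shows no test change, so a test that sets the attribute and checks the rendered header would be a useful addition.
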
Modified: python/branches/py3k/Misc/ACKS
==============================================================================
--- python/branches/py3k/Misc/ACKS (original)
+++ python/branches/py3k/Misc/ACKS Sat Sep 6 21:37:35 2008
@@ -121,6 +121,7 @@
Michael Chermside
Albert Chin-A-Young
Adal Chiriliuc
+Matt Chisholm
Tom Christiansen
Vadim Chugunov
David Cinege