[Python-checkins] r66262 - in python/trunk: Doc/library/cookie.rst Lib/Cookie.py Misc/ACKS Misc/NEWS
benjamin.peterson
python-checkins at python.org
Sat Sep 6 21:28:11 CEST 2008
Author: benjamin.peterson
Date: Sat Sep 6 21:28:11 2008
New Revision: 66262
Log:
#1638033: add support for httponly on Cookie.Morsel
Reviewer: Benjamin
Modified:
python/trunk/Doc/library/cookie.rst
python/trunk/Lib/Cookie.py
python/trunk/Misc/ACKS
python/trunk/Misc/NEWS
Modified: python/trunk/Doc/library/cookie.rst
==============================================================================
--- python/trunk/Doc/library/cookie.rst (original)
+++ python/trunk/Doc/library/cookie.rst Sat Sep 6 21:28:11 2008
@@ -148,7 +148,7 @@
--------------
-.. class:: Morsel()
+.. class:: Morsel
Abstract a key/value pair, which has some :rfc:`2109` attributes.
@@ -162,9 +162,17 @@
* ``max-age``
* ``secure``
* ``version``
+ * ``httponly``
+
+ The attribute :attr:`httponly` specifies that the cookie is only transfered
+ in HTTP requests, and is not accessible through JavaScript. This is intended
+ to mitigate some forms of cross-site scripting.
The keys are case-insensitive.
+ .. versionadded:: 2.6
+ The :attr:`httponly` attribute was added.
+
.. attribute:: Morsel.value
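Review bot: "transfered" in the added httponly paragraph should be spelled "transferred". The paragraph also does not say that httponly is a valueless flag in the same way as secure, so a reader cannot tell from the docs what to assign in order to enable it; one sentence on how to set it would close that gap.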
Modified: python/trunk/Lib/Cookie.py
==============================================================================
--- python/trunk/Lib/Cookie.py (original)
+++ python/trunk/Lib/Cookie.py Sat Sep 6 21:28:11 2008
@@ -408,6 +408,9 @@
# For historical reasons, these attributes are also reserved:
# expires
#
+ # This is an extension from Microsoft:
+ # httponly
+ #
# This dictionary provides a mapping from the lowercase
# variant on the left to the appropriate traditional
# formatting on the right.
@@ -417,6 +420,7 @@
"domain" : "Domain",
"max-age" : "Max-Age",
"secure" : "secure",
+ "httponly" : "httponly",
"version" : "Version",
}
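Review bot: The new entry "httponly" : "httponly" emits the attribute in all lowercase, while the comment above this dictionary says the right-hand side holds the traditional formatting, and Microsoft's spelling of the extension is HttpOnly. Attribute names are matched case-insensitively, so this is a style point rather than a functional one, but "HttpOnly" on the right would match the stated intent of the table and the mixed-case entries for Domain, Max-Age and Version.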
@@ -499,6 +503,8 @@
RA("%s=%d" % (self._reserved[K], V))
elif K == "secure":
RA(str(self._reserved[K]))
+ elif K == "httponly":
+ RA(str(self._reserved[K]))
else:
RA("%s=%s" % (self._reserved[K], V))
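Review bot: The added elif K == "httponly": branch is a copy of the secure branch directly above it and, like that branch, appends the flag without looking at V. Folding the two into a single elif K in ("secure", "httponly"): removes the duplication. Unless falsy values are filtered out before this chain, which is not visible in the hunk, assigning a false value to httponly would still emit the attribute, so that path deserves a check. The list of modified files contains no test file; a test asserting that the output string carries httponly only when the attribute is set would pin the behaviour down.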
Modified: python/trunk/Misc/ACKS
==============================================================================
--- python/trunk/Misc/ACKS (original)
+++ python/trunk/Misc/ACKS Sat Sep 6 21:28:11 2008
@@ -122,6 +122,7 @@
Michael Chermside
Albert Chin-A-Young
Adal Chiriliuc
+Matt Chisholm
Tom Christiansen
Vadim Chugunov
David Cinege
Modified: python/trunk/Misc/NEWS
==============================================================================
--- python/trunk/Misc/NEWS (original)
+++ python/trunk/Misc/NEWS Sat Sep 6 21:28:11 2008
@@ -56,6 +56,8 @@
Library
-------
+- Issue #1638033: Cookie.Morsel gained the httponly attribute.
+
- Issue #3535: zipfile couldn't read some zip files larger than 2GB.
- Issue #3776: Deprecate the bsddb package for removal in 3.0.