authorBenjamin Peterson <benjamin@python.org>2008-09-06 19:37:35 (GMT)
committerBenjamin Peterson <benjamin@python.org>2008-09-06 19:37:35 (GMT)
commit35e661c7115256290e7abbf62f9d0bc602dfeac3 (patch)
treeceb5f778cb06d33b1152b46b9e07ea1b2c6fd462
parentae55dc0da47e48f8dc8e986f8038a3a900a81f00 (diff)
Merged revisions 66262 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk ........ r66262 | benjamin.peterson | 2008-09-06 14:28:11 -0500 (Sat, 06 Sep 2008) | 4 lines #1638033: add support for httponly on Cookie.Morsel Reviewer: Benjamin ........
-rw-r--r--Doc/library/http.cookies.rst10
-rw-r--r--Lib/http/cookies.py6
-rw-r--r--Misc/ACKS1
3 files changed, 16 insertions, 1 deletions
diff --git a/Doc/library/http.cookies.rst b/Doc/library/http.cookies.rst
index 9bffa40..0b66072 100644
--- a/Doc/library/http.cookies.rst
+++ b/Doc/library/http.cookies.rst
@@ -109,7 +109,7 @@ Morsel Objects
--------------
-.. class:: Morsel()
+.. class:: Morsel
Abstract a key/value pair, which has some :rfc:`2109` attributes.
@@ -123,9 +123,17 @@ Morsel Objects
* ``max-age``
* ``secure``
* ``version``
+ * ``httponly``
+
+ The attribute :attr:`httponly` specifies that the cookie is only transfered
+ in HTTP requests, and is not accessible through JavaScript. This is intended
+ to mitigate some forms of cross-site scripting.
The keys are case-insensitive.
+ .. versionadded:: 2.6
+ The :attr:`httponly` attribute was added.
+
.. attribute:: Morsel.value
diff --git a/Lib/http/cookies.py b/Lib/http/cookies.py
index 3242d83..03d1627 100644
--- a/Lib/http/cookies.py
+++ b/Lib/http/cookies.py
@@ -325,6 +325,9 @@ class Morsel(dict):
# For historical reasons, these attributes are also reserved:
# expires
#
+ # This is an extension from Microsoft:
+ # httponly
+ #
# This dictionary provides a mapping from the lowercase
# variant on the left to the appropriate traditional
# formatting on the right.
@@ -334,6 +337,7 @@ class Morsel(dict):
"domain" : "Domain",
"max-age" : "Max-Age",
"secure" : "secure",
+ "httponly" : "httponly",
"version" : "Version",
}
@@ -413,6 +417,8 @@ class Morsel(dict):
RA("%s=%d" % (self._reserved[K], V))
elif K == "secure":
RA(str(self._reserved[K]))
+ elif K == "httponly":
+ RA(str(self._reserved[K]))
else:
RA("%s=%s" % (self._reserved[K], V))
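Review bot: The new `httponly` branch appends the flag without consulting `V`, so unless a falsy value is filtered earlier in the loop (which starts outside this hunk), `morsel["httponly"] = False` would still put `httponly` in the emitted header. It also repeats the `secure` branch line for line; I would fold the two into `elif K in ("secure", "httponly"):` and guard the append with `if V:`, provided callers do not rely on the current behaviour for `secure`. The diffstat lists no test file, so a case asserting that the flag is present in the output when set and absent when unset would pin the intended behaviour down.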
diff --git a/Misc/ACKS b/Misc/ACKS
index dd658c7..0cc5ade 100644
--- a/Misc/ACKS
+++ b/Misc/ACKS
@@ -121,6 +121,7 @@ Nicolas Chauvat
Michael Chermside
Albert Chin-A-Young
Adal Chiriliuc
+Matt Chisholm
Tom Christiansen
Vadim Chugunov
David Cinege