[wp-trac] Re: [WordPress Trac] #7677: WordPress should implement HttpOnly Cookies to slow down XSS
WordPress Trac
wp-trac at lists.automattic.com
Wed Sep 3 16:31:36 GMT 2008
#7677: WordPress should implement HttpOnly Cookies to slow down XSS
---------------------------------+------------------------------------------
Reporter: _ck_ | Owner: anonymous
Type: defect | Status: new
Priority: high | Milestone: 2.7
Component: Security | Version:
Severity: major | Resolution:
Keywords: cookies needs-patch |
---------------------------------+------------------------------------------
Comment (by _ck_):
On the bbPress side, data is passed to the JavaScript client via `var`s
set in the `<head></head>` section by PHP. That way only the critical
data like the user id and user name are passed instead of relying on the
cookie. WordPress should definitely use that technique too.
--
Ticket URL: <http://trac.wordpress.org/ticket/7677#comment:4>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
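
The technique described in the comment above, as an added example that is not part of the original message and is not bbPress or WordPress code. The cookie name, function names, variable name and sample values are hypothetical.

```php
<?php
// Added illustration; not bbPress or WordPress code. All names are hypothetical.

// Session cookie flagged HttpOnly, so document.cookie cannot read it.
function example_set_auth_cookie(string $token): bool
{
    // Positional form: name, value, expire, path, domain, secure, httponly.
    return setcookie('example_auth', $token, 0, '/', '', true, true);
}

// Inline <script> for <head> exposing only the non-secret identity fields
// the client needs (user id and user name), never the session token.
function example_head_bootstrap(int $userId, string $userName): string
{
    // JSON_HEX_* flags turn <, >, &, ' and " into \uXXXX escapes, so a
    // user name containing "</script>" cannot close the script element.
    // JSON_THROW_ON_ERROR makes invalid UTF-8 fail loudly instead of
    // silently emitting "var exampleUser = ;".
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
           | JSON_THROW_ON_ERROR;
    $data = json_encode(['id' => $userId, 'name' => $userName], $flags);
    return "<script>var exampleUser = {$data};</script>";
}

// Constructed sample values. The cookie is set before any output is sent.
example_set_auth_cookie('constructed-opaque-session-token');
echo "<head>\n", example_head_bootstrap(42, 'ck</script><b>'), "\n</head>\n";
```

The user name is attacker-influenced data, so the escaping in `example_head_bootstrap` is what keeps the inline variable from becoming a new injection point.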