[wp-trac] Re: [WordPress Trac] #7677: WordPress should implement HttpOnly Cookies to slow down XSS
WordPress Trac
wp-trac at lists.automattic.com
Wed Sep 3 16:23:14 GMT 2008
#7677: WordPress should implement HttpOnly Cookies to slow down XSS
---------------------------------+------------------------------------------
 Reporter:  _ck_                 |        Owner:  anonymous
     Type:  defect               |       Status:  new
 Priority:  high                 |    Milestone:  2.7
Component:  Security             |      Version:
 Severity:  major                |   Resolution:
 Keywords:  cookies needs-patch  |
---------------------------------+------------------------------------------
Changes (by westi):
* keywords: cookies => cookies needs-patch
* milestone: 2.6.2 => 2.7
Comment:
I think it is not just that simple, as {{{document.cookie}}} is used in
some of the WordPress JS at the moment, from what I see from a quick grep
in the code.

We need to review which of those are reading rather than writing cookies
and see if they need the auth/login/ssl cookies or not before we do this.

2.7 is a more reasonable target for this change.
--
Ticket URL: <http://trac.wordpress.org/ticket/7677#comment:2>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
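
Added example, not part of the original message and not WordPress code: the review described in the comment above (separating scripts that read document.cookie from those that write it, and checking whether a read involves the auth/login/ssl cookies) written as a small Node.js scanner. The AUTH_HINTS substrings, the file name and the sample lines are constructed assumptions; a cookie marked HttpOnly is omitted from the string document.cookie returns, so the flagged reads are the ones to check before the flag is set.

```javascript
// Added example (not WordPress code): audit JS for document.cookie usage
// before marking the auth cookies HttpOnly.
// Assumption: AUTH_HINTS are illustrative substrings, not real cookie names.
const AUTH_HINTS = ['auth', 'login', 'ssl'];

// Matches document.cookie; group 1 is set only for an assignment (= or +=),
// never for a comparison (== or ===).
const COOKIE_ACCESS = /document\.cookie\s*(\+?=(?!=))?/g;

// Return one finding per document.cookie access in the given source text.
function auditSource(file, source) {
  const findings = [];
  source.split('\n').forEach((text, i) => {
    const lower = text.toLowerCase();
    for (const m of text.matchAll(COOKIE_ACCESS)) {
      findings.push({
        file,
        line: i + 1,
        kind: m[1] ? 'write' : 'read',
        // Heuristic: the same line names something that looks like an auth cookie.
        mentionsAuth: AUTH_HINTS.some((h) => lower.includes(h)),
      });
    }
  });
  return findings;
}

// Reads that mention an auth cookie are the ones HttpOnly would break.
function needsReview(findings) {
  return findings.filter((f) => f.kind === 'read' && f.mentionsAuth);
}

// Constructed sample input, not taken from WordPress.
const SAMPLE = [
  "document.cookie = 'ui_pref_example=compact; path=/';",
  "var all = document.cookie.split(';');",
  "if (document.cookie.indexOf('login_cookie_example=') === -1) { redirect(); }",
  "if (document.cookie == '') { warn(); }",
].join('\n');

const report = auditSource('sample.js', SAMPLE);
console.log(report);              // every access, classified as read or write
console.log(needsReview(report)); // only the reads that mention an auth cookie
```

The mentionsAuth check is a per-line substring heuristic, so a script that reads the whole cookie string and parses it elsewhere (line 2 of the sample) still needs a manual look.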