[wp-trac] Re: [WordPress Trac] #7677: WordPress should implement
HttpOnly Cookies to slow down XSS
WordPress Trac
wp-trac at lists.automattic.com
Fri Sep 5 00:14:26 GMT 2008
#7677: WordPress should implement HttpOnly Cookies to slow down XSS
----------------------------------------------+-----------------------------
Reporter: _ck_ | Owner: anonymous
Type: defect | Status: new
Priority: high | Milestone: 2.7
Component: Security | Version:
Severity: major | Resolution:
Keywords: cookies needs-patch dev-reviewed |
----------------------------------------------+-----------------------------
Comment (by ryan):
[8810] removes HTTPOnly for Safari. We had some weird problems with
Safari not setting the cookie when testing on wordpress.com. Looks like
it was only when setting cookies via remote login, so it might not be
something a regular WP blog will see. Disabling for now while I track it
down.
--
Ticket URL: <http://trac.wordpress.org/ticket/7677#comment:16>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list