OK, when Firefox 3.0 is released, it will include httpOnly support in the browser. httpOnly is a new attribute for cookies that stops client-side script from accessing them, thus preventing most XSS. I am not sure if it stops 100% of XSS, but it's still a good move from the Firefox team to implement it. More stories can be found here:
http://www.networkcomputing.com/blog/dailyblog/archives/2007/03/no_cookie_for_y.html
A typical httpOnly cookie looks like this:
Set-Cookie: USER=hackathology; expires=Saturday, 18-March-07 09:28:18 GMT; HttpOnly
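The following is an added example, not code from the original post: a small JavaScript model of how a browser treats the header above, showing that an HttpOnly cookie is hidden from document.cookie but still sent with requests. The function names and the second sample header are assumptions made for illustration, and the model ignores expiry, path and domain matching.

```javascript
// Added example: simplified model of browser handling of HttpOnly cookies.
// parseSetCookie, buildJar, scriptVisible, requestHeader and missingHttpOnly
// are hypothetical helper names, not a browser or library API.

// Parse one Set-Cookie header value into { name, value, attrs }.
function parseSetCookie(header) {
  const parts = header.split(';').map(p => p.trim()).filter(Boolean);
  const first = parts.shift() || '';
  const eq = first.indexOf('=');
  if (eq < 1) return null; // no name=value pair: ignore the header
  const attrs = {};
  for (const p of parts) {
    const i = p.indexOf('=');
    // Attribute names are case-insensitive; flags like HttpOnly carry no value.
    const key = (i === -1 ? p : p.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : p.slice(i + 1).trim();
  }
  return { name: first.slice(0, eq).trim(), value: first.slice(eq + 1).trim(), attrs };
}

function buildJar(headers) {
  return headers.map(parseSetCookie).filter(Boolean);
}

// What page script reads from document.cookie: HttpOnly cookies are omitted.
function scriptVisible(jar) {
  return jar.filter(c => !c.attrs.httponly).map(c => `${c.name}=${c.value}`).join('; ');
}

// What the browser still sends in the Cookie request header: every cookie.
function requestHeader(jar) {
  return jar.map(c => `${c.name}=${c.value}`).join('; ');
}

// Defender check: names of cookies that were set without HttpOnly.
function missingHttpOnly(jar) {
  return jar.filter(c => !c.attrs.httponly).map(c => c.name);
}

// Constructed sample: the first header is the one from the post, the second is made up.
const sampleHeaders = [
  'USER=hackathology; expires=Saturday, 18-March-07 09:28:18 GMT; HttpOnly',
  'theme=dark; path=/',
];
const jar = buildJar(sampleHeaders);
console.log('document.cookie ->', scriptVisible(jar));
console.log('Cookie header   ->', requestHeader(jar));
console.log('missing HttpOnly:', missingHttpOnly(jar));
```

The flag only hides the cookie from script; it does not stop injected script from running, so output encoding and input validation are still needed.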
Sunday, 18 March 2007
Firefox 3.0 httpOnly
22.45