| |
|
This page contains all of the posts and discussion on MemeStreams referencing the following web page: httpOnly :: Firefox Add-ons. You can find discussions on MemeStreams as you surf the web, even if you aren't a MemeStreams member, using the Threads Bookmarklet.
|
httpOnly :: Firefox Add-ons
by Acidus at 3:45 pm EDT, Apr 2, 2007 |
Adds httpOnly cookie support to Firefox by encrypting cookies marked as httpOnly on the browser side, so that JavaScript cannot read them.
Awesome! Stefan Esser (of the Month of PHP mugs fame) continues to make excellent contributions to the web security space! Great job! |
| |
RE: httpOnly :: Firefox Add-ons
by lonew0lf at 1:58 am EDT, Apr 5, 2007 |
Acidus wrote: Adds httpOnly cookie support to Firefox by encrypting cookies marked as httpOnly on the browser side, so that JavaScript cannot read them.
Awesome! Stefan Esser (of the Month of PHP mugs fame) continues to make excellent contributions to the web security space! Great job!
Are they still vulnerable the same way IE is where the browser respects httpOnly but XmlHttpRequest does not when you directly want to edit headers? |
|
|
|
